March 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Mar 2023-Mar Final 1.0 329 2026-02-20T22:57:32 March 2023 Security Updates 2023-03-14T07:00:00 2026-02-20T22:57:32 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>Azure</li> <li>Client Server Run-time Subsystem (CSRSS)</li> <li>Internet Control Message Protocol (ICMP)</li> <li>Microsoft Bluetooth Driver</li> <li>Microsoft Dynamics</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Graphics Component</li> <li>Microsoft Office Excel</li> <li>Microsoft Office Outlook</li> <li>Microsoft Office SharePoint</li> <li>Microsoft OneDrive</li> <li>Microsoft PostScript Printer Driver</li> <li>Microsoft Printer Drivers</li> <li>Microsoft Windows Codecs Library</li> <li>Office for Android</li> <li>Remote Access Service Point-to-Point Tunneling Protocol</li> <li>Role: DNS Server</li> <li>Role: Windows Hyper-V</li> <li>Service Fabric</li> <li>Visual Studio</li> <li>Windows Accounts Control</li> <li>Windows Bluetooth Service</li> <li>Windows Central Resource Manager</li> <li>Windows Cryptographic Services</li> <li>Windows Defender</li> <li>Windows HTTP Protocol Stack</li> <li>Windows HTTP.sys</li> <li>Windows Internet Key Exchange (IKE) Protocol</li> <li>Windows Kernel</li> <li>Windows Partition Management Driver</li> <li>Windows Point-to-Point Protocol over Ethernet (PPPoE)</li> <li>Windows Remote Procedure Call</li> <li>Windows Remote Procedure Call Runtime</li> <li>Windows Resilient File System (ReFS)</li> <li>Windows Secure Channel</li> <li>Windows SmartScreen</li> <li>Windows TPM</li> <li>Windows Win32K</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 6, 2023</td> <td><a href="https://msrc-blog.microsoft.com/2023/01/06/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>December 29, 2022</td> <td><a href="https://msrc-blog.microsoft.com/2022/12/29/security-update-guide-improvement-representing-hotpatch-updates/">Security Update Guide Improvement – Representing Hotpatch Updates</a></td> </tr> <tr> <td>August 9, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile2">Security Update Guide Notification System News: Create your profile now</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1017">CVE-2023-1017</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1018">CVE-2023-1018</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1213">CVE-2023-1213</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1214">CVE-2023-1214</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1215">CVE-2023-1215</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1216">CVE-2023-1216</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1217">CVE-2023-1217</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1218">CVE-2023-1218</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1219">CVE-2023-1219</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1220">CVE-2023-1220</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1221">CVE-2023-1221</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1222">CVE-2023-1222</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1223">CVE-2023-1223</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1224">CVE-2023-1224</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1228">CVE-2023-1228</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1229">CVE-2023-1229</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1230">CVE-2023-1230</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1231">CVE-2023-1231</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1232">CVE-2023-1232</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1233">CVE-2023-1233</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1234">CVE-2023-1234</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1235">CVE-2023-1235</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-1236">CVE-2023-1236</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21708">CVE-2023-21708</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-22490">CVE-2023-22490</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-22743">CVE-2023-22743</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23383">CVE-2023-23383</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23385">CVE-2023-23385</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23388">CVE-2023-23388</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23389">CVE-2023-23389</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23391">CVE-2023-23391</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23392">CVE-2023-23392</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23393">CVE-2023-23393</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23394">CVE-2023-23394</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23395">CVE-2023-23395</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23396">CVE-2023-23396</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23397">CVE-2023-23397</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23398">CVE-2023-23398</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23399">CVE-2023-23399</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23400">CVE-2023-23400</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23401">CVE-2023-23401</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23402">CVE-2023-23402</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23403">CVE-2023-23403</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23404">CVE-2023-23404</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23405">CVE-2023-23405</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23406">CVE-2023-23406</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23407">CVE-2023-23407</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23408">CVE-2023-23408</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23409">CVE-2023-23409</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23410">CVE-2023-23410</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23411">CVE-2023-23411</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23412">CVE-2023-23412</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23413">CVE-2023-23413</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23414">CVE-2023-23414</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23415">CVE-2023-23415</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23416">CVE-2023-23416</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23417">CVE-2023-23417</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23418">CVE-2023-23418</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23419">CVE-2023-23419</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23420">CVE-2023-23420</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23421">CVE-2023-23421</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23422">CVE-2023-23422</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23423">CVE-2023-23423</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23618">CVE-2023-23618</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23946">CVE-2023-23946</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24856">CVE-2023-24856</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24857">CVE-2023-24857</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24858">CVE-2023-24858</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24861">CVE-2023-24861</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24863">CVE-2023-24863</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24864">CVE-2023-24864</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24865">CVE-2023-24865</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24866">CVE-2023-24866</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24867">CVE-2023-24867</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24868">CVE-2023-24868</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24869">CVE-2023-24869</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24870">CVE-2023-24870</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24871">CVE-2023-24871</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24872">CVE-2023-24872</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24876">CVE-2023-24876</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24879">CVE-2023-24879</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24880">CVE-2023-24880</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24882">CVE-2023-24882</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24890">CVE-2023-24890</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24891">CVE-2023-24891</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24892">CVE-2023-24892</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24906">CVE-2023-24906</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24908">CVE-2023-24908</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24909">CVE-2023-24909</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24910">CVE-2023-24910</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24911">CVE-2023-24911</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24913">CVE-2023-24913</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24919">CVE-2023-24919</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24920">CVE-2023-24920</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24921">CVE-2023-24921</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24922">CVE-2023-24922</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24923">CVE-2023-24923</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24930">CVE-2023-24930</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5002355">5002355</a></td> <td>SharePoint Server Subscription Edition</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023696">5023696</a></td> <td>Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023702">5023702</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023705">5023705</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023706">5023706</a></td> <td>Windows 11 version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023752">5023752</a></td> <td>Windows Server 2012 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023754">5023754</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023755">5023755</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023756">5023756</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023759">5023759</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5023769">5023769</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.0 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.5 Snipping Tool Snip & Sketch for Windows 10 OneDrive for iOS Azure Service Fabric 9.0 for Linux Azure Service Fabric 9.1 for Windows Azure Service Fabric 9.1 for Ubuntu Azure Service Fabric 9.0 for Windows Azure HDInsight Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Malware Protection Engine Microsoft Office for Android Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office Online Server Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Office LTSC 2021 for 32-bit editions Microsoft Outlook 2016 (32-bit edition) Microsoft Office LTSC 2021 for 64-bit editions Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for 32-bit editions Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2016 (64-bit edition) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Office 2019 for Mac Microsoft Office LTSC for Mac 2021 Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) OneDrive for Android OneDrive for MacOS Installer Microsoft Office for Universal Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Edge (Chromium-based) Microsoft Edge (Chromium-based) Extended Stable CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Microsoft Outlook 2013 RT Service Pack 1 Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Office Online Server Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.0 OneDrive for Android Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Microsoft Malware Protection Engine Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Visual Studio 2022 version 17.0 Azure HDInsight Microsoft Visual Studio 2022 version 17.2 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure Service Fabric 9.0 for Linux Microsoft Visual Studio 2022 version 17.4 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Edge (Chromium-based) Extended Stable Microsoft Office for Android Microsoft Office for Universal Microsoft Visual Studio 2022 version 17.5 OneDrive for MacOS Installer OneDrive for iOS Azure Service Fabric 9.1 for Windows Azure Service Fabric 9.1 for Ubuntu Snipping Tool Snip & Sketch for Windows 10 Azure Service Fabric 9.0 for Windows azl3 samba 4.18.3-1 on Azure Linux 3.0 azl3 ceph 18.2.1-1 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-6 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-9 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 cbl2 python-gevent 21.1.2-3 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 golang 1.23.7-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 mod_http2 2.0.29-3 on Azure Linux 3.0 azl3 keda 2.14.0-1 on Azure Linux 3.0 azl3 xorg-x11-server 1.20.10-5 on Azure Linux 3.0 cm1 kernel 5.10.188.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.122.1-2 on CBL Mariner 2.0 cbl2 kernel 5.15.118.1-2 on CBL Mariner 2.0 cm1 kernel 5.10.185.1-1 on CBL Mariner 1.0 cm1 kernel 5.10.183.1-1 on CBL Mariner 1.0 cbl2 edk2 20230301gitf80f052277c8-37 on CBL Mariner 2.0 cbl2 kata-containers-cc 0.4.1-2 on CBL Mariner 2.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 cm1 qt5-qtbase 5.12.11-7 on CBL Mariner 1.0 cbl2 nodejs 16.20.1-2 on CBL Mariner 2.0 cbl2 grpc 1.42.0-11 on CBL Mariner 2.0 azl3 grpc 1.62.0-2 on Azure Linux 3.0 azl3 tensorflow 2.16.1-1 on Azure Linux 3.0 azl3 cmake 3.21.4-10 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.111.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.111.1-1 on CBL Mariner 2.0 cm1 hyperv-daemons 5.10.177.1-1 on CBL Mariner 1.0 cbl2 redis 6.2.12-1 on CBL Mariner 2.0 cm1 kernel 5.10.177.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.107.1-2 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.107.1-1 on CBL Mariner 2.0 cm1 openssl 1.1.1k-15 on CBL Mariner 1.0 cbl2 openssl 1.1.1k-23 on CBL Mariner 2.0 cm1 kernel 5.10.174.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.102.1-3 on CBL Mariner 2.0 cm1 hyperv-daemons 5.10.188.1-1 on CBL Mariner 1.0 cm1 moby-runc 1.1.5+azure-1 on CBL Mariner 1.0 cbl2 moby-runc 1.1.5-1 on CBL Mariner 2.0 cm1 hyperv-daemons 5.10.181.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.135.1-2 on CBL Mariner 2.0 cm1 cloud-hypervisor 22.0-2 on CBL Mariner 1.0 cbl2 cloud-hypervisor 30.0-2 on CBL Mariner 2.0 cm1 redis 6.2.11-1 on CBL Mariner 1.0 cm1 openssh 8.9p1-2 on CBL Mariner 1.0 cbl2 openssh 8.9p1-5 on CBL Mariner 2.0 cm1 dnsmasq 2.85-2 on CBL Mariner 1.0 cbl2 dnsmasq 2.89-2 on CBL Mariner 2.0 cm1 vim 9.0.1402-1 on CBL Mariner 1.0 cm1 sudo 1.9.13p3-1 on CBL Mariner 1.0 cm1 nodejs 14.21.1-2 on CBL Mariner 1.0 cbl2 reaper 3.1.1-5 on CBL Mariner 2.0 cbl2 vim 9.0.1402-1 on CBL Mariner 2.0 cbl2 kernel 5.15.102.1-1 on CBL Mariner 2.0 cm1 httpd 2.4.56-1 on CBL Mariner 1.0 cbl2 httpd 2.4.56-1 on CBL Mariner 2.0 cm1 systemd 239-44 on CBL Mariner 1.0 cbl2 redis 6.2.11-1 on CBL Mariner 2.0 cm1 nodejs 14.21.3-1 on CBL Mariner 1.0 cbl2 hyperv-daemons 5.15.102.1-1 on CBL Mariner 2.0 cbl2 rust 1.72.0-2 on CBL Mariner 2.0 cbl2 mysql 8.0.33-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-13 on CBL Mariner 2.0 azl3 cmake 3.28.2-1 on Azure Linux 3.0 cm1 libtiff 4.5.0-1 on CBL Mariner 1.0 cbl2 qemu 6.2.0-22 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-10 on CBL Mariner 2.0 cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0 azl3 golang 1.20.2-1 on Azure Linux 3.0 azl3 kubevirt 1.2.0-1 on Azure Linux 3.0 azl3 qemu 8.2.0-1 on Azure Linux 3.0 cbl2 postgresql 14.10-1 on CBL Mariner 2.0 cbl2 mysql 8.0.34-1 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-1 on CBL Mariner 2.0 azl3 tensorflow 2.11.1-1 on Azure Linux 3.0 cbl2 qt5-qtbase 5.12.11-5 on CBL Mariner 2.0 cbl2 curl 8.0.1-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-12 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-4 on CBL Mariner 2.0 azl3 xorg-x11-server 1.20.10-6 on Azure Linux 3.0 azl3 xorg-x11-server 1.20.10-4 on Azure Linux 3.0 cbl2 rust 1.68.2-2 on CBL Mariner 2.0 cbl2 emacs 28.2-5 on CBL Mariner 2.0 cbl2 kubevirt 0.59.0-20 on CBL Mariner 2.0 cbl2 liblouis 3.26.0-1 on CBL Mariner 2.0 cbl2 emacs 28.2-4 on CBL Mariner 2.0 cbl2 libmemcached-awesome 1.1.4-1 on CBL Mariner 2.0 azl3 libmemcached-awesome 1.1.4-1 on Azure Linux 3.0 cm1 nasm 2.16-1 on CBL Mariner 1.0 cbl2 nasm 2.16-1 on CBL Mariner 2.0 cm1 heimdal 7.7.1-2 on CBL Mariner 1.0 cbl2 heimdal 7.7.1-2 on CBL Mariner 2.0 azl3 heimdal 7.8.0-3 on Azure Linux 3.0 cm1 syslinux 6.04-9 on CBL Mariner 1.0 cm1 libpng 1.6.37-4 on CBL Mariner 1.0 cbl2 syslinux 6.04-10 on CBL Mariner 2.0 cbl2 libpng 1.6.39-1 on CBL Mariner 2.0 cm1 python-gevent 1.3.6-5 on CBL Mariner 1.0 cm1 grpc 1.35.0-9 on CBL Mariner 1.0 cm1 c-ares 1.19.0-1 on CBL Mariner 1.0 cbl2 c-ares 1.19.0-1 on CBL Mariner 2.0 cbl2 libtiff 4.5.0-1 on CBL Mariner 2.0 cm1 postgresql 12.15-1 on CBL Mariner 1.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 cbl2 zstd 1.5.4-1 on CBL Mariner 2.0 cbl2 k3s on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 cbl2 hvloader 1.0.1-11 on CBL Mariner 2.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 ceph 16.2.10-7 on CBL Mariner 2.0 azl3 ceph 16.2.10-3 on Azure Linux 3.0 azl3 keda 2.4.0-15 on Azure Linux 3.0 azl3 kubevirt 0.59.0-14 on Azure Linux 3.0 azl3 libmemcached-awesome 1.1.1-4 on Azure Linux 3.0 azl3 grpc 1.42.0-7 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Invalid certificate policies in leaf certificates are silently ignored <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-0465 Improper Certificate Validation 19678-17086 19671-17084 19686-17084 17909-16820 17374-16823 17856-16823 17857-16823 17910-16823 17859-17084 19662-17086 17093-17086 19678-17086 19671-17084 19686-17084 17909-16820 17374-16823 17856-16823 17857-16823 17910-16823 17859-17084 19662-17086 17093-17086 Moderate 19678-17086 Moderate 19671-17084 Moderate 19686-17084 Moderate 17909-16820 Moderate 17374-16823 Moderate 17856-16823 Moderate 17857-16823 Moderate 17910-16823 Moderate 17859-17084 19662-17086 Moderate 17093-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19678-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19671-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19686-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17909-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17374-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17856-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17857-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17910-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17859-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19662-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17093-17086 CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 17909-16820 No Security Update 1.1.1k-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17909-16820 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 17856-16823 17859-17084 No Security Update 20230301gitf80f052277c8-37 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17856-16823 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 17857-16823 No Security Update 0.4.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17857-16823 CBL-Mariner Releases CBL-Mariner Releases 17910-16823 No Security Update 1.1.1k-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17910-16823 CBL-Mariner Releases 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2023-04-25T00:00:00 <p>Added nodejs18 to CBL-Mariner 2.0</p> 1.2 2023-06-27T00:00:00 <p>Added rust to CBL-Mariner 2.0</p> 1.3 2023-10-11T00:00:00 <p>Added edk2 to CBL-Mariner 2.0</p> 1.4 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.5 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:43:41 <p>Information published.</p> Certificate policy check not enabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-0466 Improper Certificate Validation 19809-17086 17909-16820 17178-16823 17910-16823 17459-17084 17238-17086 19809-17086 17909-16820 17178-16823 17910-16823 17459-17084 17238-17086 19809-17086 Moderate 17909-16820 Moderate 17178-16823 Moderate 17910-16823 Moderate 17459-17084 Moderate 17238-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19809-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17909-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17178-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17910-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17459-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17238-17086 CBL-Mariner Releases 19809-17086 17178-16823 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19809-17086 17178-16823 17238-17086 CBL-Mariner Releases CBL-Mariner Releases 17909-16820 No Security Update 1.1.1k-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17909-16820 CBL-Mariner Releases CBL-Mariner Releases 17910-16823 No Security Update 1.1.1k-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17910-16823 CBL-Mariner Releases 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2024-11-28T00:00:00 <p>Added hvloader to CBL-Mariner 2.0 Added openssl to CBL-Mariner 2.0 Added openssl to CBL-Mariner 1.0</p> 2.0 2026-02-19T01:22:31 <p>Information published.</p> A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet then kernel could be affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0590 Use After Free 17902-16820 17903-16823 17902-16820 17903-16823 Moderate 17902-16820 Moderate 17903-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17902-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-03-30T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012 but in asus devices the work_struct may be scheduled by the LED controller while the device is disconnecting triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1079 Use After Free 17911-16820 17912-16823 17911-16820 17912-16823 Moderate 17911-16820 Moderate 17912-16823 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17911-16820 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17912-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17912-16823 No Security Update 5.15.102.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17912-16823 CBL-Mariner Releases 1.0 2023-04-01T00:00:00 <p>Information published.</p> Divide By Zero in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-1127 17925-16820 17929-16823 17925-16820 17929-16823 Important 17925-16820 Important 17929-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17925-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17929-16823 CBL-Mariner Releases 17925-16820 17929-16823 No Security Update 9.0.1402-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17925-16820 17929-16823 CBL-Mariner Releases 1.0 2023-03-09T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Added vim to CBL-Mariner 1.0</p> Incorrect Calculation of Buffer Size in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-1175 17925-16820 17929-16823 17925-16820 17929-16823 Moderate 17925-16820 Moderate 17929-16823 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 17925-16820 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 17929-16823 CBL-Mariner Releases 17925-16820 17929-16823 No Security Update 9.0.1402-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17925-16820 17929-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> NULL Pointer Dereference in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-1264 17925-16820 17929-16823 17925-16820 17929-16823 Moderate 17925-16820 Moderate 17929-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17925-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17929-16823 CBL-Mariner Releases 17925-16820 17929-16823 No Security Update 9.0.1402-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17925-16820 17929-16823 CBL-Mariner Releases 1.0 2023-03-15T00:00:00 <p>Information published.</p> A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW) the Xserver would leave a dangling pointer to that window in the CompScreen structure which will trigger a use-after-free later. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1393 Use After Free 17816-17084 18389-16823 18390-17084 18391-17084 17816-17084 18389-16823 18390-17084 18391-17084 Important 17816-17084 Important 18389-16823 Important 18390-17084 Important 18391-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17816-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18389-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18390-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18391-17084 CBL-Mariner Releases 17816-17084 18389-16823 18391-17084 No Security Update 1.20.10-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17816-17084 18389-16823 18391-17084 CBL-Mariner Releases CBL-Mariner Releases 18390-17084 No Security Update 1.20.10-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18390-17084 CBL-Mariner Releases 2.7 2024-09-26T00:00:00 <p>Information published.</p> 2.8 2024-09-27T00:00:00 <p>Information published.</p> 3.1 2024-09-30T00:00:00 <p>Information published.</p> 3.5 2024-10-04T00:00:00 <p>Information published.</p> 3.7 2024-10-06T00:00:00 <p>Information published.</p> 3.8 2024-10-07T00:00:00 <p>Information published.</p> 3.9 2024-10-09T00:00:00 <p>Information published.</p> 4.5 2024-10-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 4.9 2024-10-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.0 2024-10-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.1 2024-10-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.3 2024-10-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.4 2024-10-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.6 2024-10-26T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.8 2024-10-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.0 2024-10-30T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.1 2024-10-31T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.4 2024-11-04T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.6 2024-11-06T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.8 2024-11-08T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.9 2024-11-09T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.0 2024-11-10T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.2 2024-11-12T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.3 2024-11-13T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.5 2024-11-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.9 2024-11-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.3 2024-11-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.5 2024-11-26T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.7 2024-11-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.8 2024-11-29T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.2 2024-12-03T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.5 2024-12-07T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.7 2024-12-09T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.0 2024-12-12T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.3 2024-12-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.4 2024-12-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.5 2024-12-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.6 2024-12-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.2 2024-12-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.4 2025-01-05T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.8 2025-01-09T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.9 2025-01-10T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.1 2025-01-12T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.2 2025-01-13T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.3 2025-01-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.4 2025-01-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.5 2025-01-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.8 2025-01-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.1 2025-01-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.2 2025-01-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.3 2025-01-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.4 2025-01-27T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.7 2025-01-30T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.8 2025-02-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.0 2025-02-03T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.3 2025-02-07T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.4 2025-02-08T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.3 2025-02-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.4 2025-02-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.5 2025-02-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.9 2025-02-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.0 2025-02-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.2 2025-02-26T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.3 2025-02-27T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.4 2025-02-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.6 2025-03-02T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.7 2025-03-03T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.3 2025-03-10T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.4 2025-03-11T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.6 2025-03-14T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.0 2025-03-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.1 2025-03-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.3 2025-03-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.4 2025-03-22T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.5 2025-03-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.6 2025-03-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.9 2025-03-27T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.0 2025-03-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.2 2025-03-30T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.4 2025-04-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.6 2025-04-04T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.0 2025-04-08T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.4 2025-04-13T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.5 2025-04-14T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.6 2025-04-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.7 2025-04-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.8 2025-04-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.1 2025-04-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.9 2025-04-29T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.0 2025-04-30T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.1 2025-05-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.3 2025-05-03T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.4 2025-05-04T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.5 2025-05-05T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.7 2025-05-07T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.8 2025-05-08T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.0 2025-05-10T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.1 2025-05-11T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.0 2025-05-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.1 2025-05-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.4 2025-05-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.5 2025-05-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.6 2025-05-26T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.7 2025-05-27T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 29.0 2025-06-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 1.0 2023-04-03T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-09-12T00:00:00 <p>Information published.</p> 1.4 2024-09-13T00:00:00 <p>Information published.</p> 1.5 2024-09-14T00:00:00 <p>Information published.</p> 1.6 2024-09-15T00:00:00 <p>Information published.</p> 1.7 2024-09-16T00:00:00 <p>Information published.</p> 1.8 2024-09-17T00:00:00 <p>Information published.</p> 1.9 2024-09-18T00:00:00 <p>Information published.</p> 2.0 2024-09-19T00:00:00 <p>Information published.</p> 2.1 2024-09-20T00:00:00 <p>Information published.</p> 2.2 2024-09-21T00:00:00 <p>Information published.</p> 2.3 2024-09-22T00:00:00 <p>Information published.</p> 2.4 2024-09-23T00:00:00 <p>Information published.</p> 2.5 2024-09-24T00:00:00 <p>Information published.</p> 2.6 2024-09-25T00:00:00 <p>Information published.</p> 2.9 2024-09-28T00:00:00 <p>Information published.</p> 3.0 2024-09-29T00:00:00 <p>Information published.</p> 3.2 2024-10-01T00:00:00 <p>Information published.</p> 3.3 2024-10-02T00:00:00 <p>Information published.</p> 3.4 2024-10-03T00:00:00 <p>Information published.</p> 3.6 2024-10-05T00:00:00 <p>Information published.</p> 4.0 2024-10-10T00:00:00 <p>Information published.</p> 4.1 2024-10-11T00:00:00 <p>Information published.</p> 4.2 2024-10-12T00:00:00 <p>Information published.</p> 4.3 2024-10-13T00:00:00 <p>Information published.</p> 4.4 2024-10-14T00:00:00 <p>Information published.</p> 4.6 2024-10-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 4.7 2024-10-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 4.8 2024-10-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.2 2024-10-22T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.5 2024-10-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.7 2024-10-27T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 5.9 2024-10-29T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.2 2024-11-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.3 2024-11-02T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.5 2024-11-05T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 6.7 2024-11-07T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.1 2024-11-11T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.4 2024-11-14T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.6 2024-11-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.7 2024-11-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 7.8 2024-11-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.0 2024-11-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.1 2024-11-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.2 2024-11-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.4 2024-11-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.6 2024-11-27T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 8.9 2024-11-30T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.0 2024-12-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.1 2024-12-02T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.3 2024-12-04T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.4 2024-12-05T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.6 2024-12-08T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.8 2024-12-10T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 9.9 2024-12-11T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.1 2024-12-13T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.2 2024-12-14T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.7 2024-12-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.8 2024-12-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 10.9 2024-12-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.0 2024-12-22T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.1 2024-12-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.3 2024-12-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.4 2024-12-26T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.5 2024-12-27T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.6 2024-12-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.7 2024-12-29T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.8 2024-12-30T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 11.9 2024-12-31T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.0 2025-01-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.1 2025-01-02T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.2 2025-01-03T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.3 2025-01-04T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.5 2025-01-06T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.6 2025-01-07T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 12.7 2025-01-08T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.0 2025-01-11T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.6 2025-01-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.7 2025-01-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 13.9 2025-01-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.0 2025-01-22T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.5 2025-01-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.6 2025-01-29T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 14.9 2025-02-02T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.1 2025-02-04T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.2 2025-02-05T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.5 2025-02-09T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.6 2025-02-10T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.7 2025-02-11T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.8 2025-02-12T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 15.9 2025-02-13T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.0 2025-02-14T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.1 2025-02-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.2 2025-02-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.6 2025-02-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.7 2025-02-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 16.8 2025-02-22T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.1 2025-02-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.5 2025-03-01T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.8 2025-03-04T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 17.9 2025-03-05T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.0 2025-03-06T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.1 2025-03-08T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.2 2025-03-09T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.5 2025-03-12T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.7 2025-03-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.8 2025-03-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 18.9 2025-03-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.2 2025-03-20T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.7 2025-03-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 19.8 2025-03-26T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.1 2025-03-29T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.3 2025-03-31T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.5 2025-04-03T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.7 2025-04-05T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.8 2025-04-06T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 20.9 2025-04-07T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.1 2025-04-09T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.2 2025-04-11T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.3 2025-04-12T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 21.9 2025-04-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.0 2025-04-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.2 2025-04-21T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.3 2025-04-22T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.4 2025-04-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.5 2025-04-24T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.6 2025-04-25T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.7 2025-04-26T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 22.8 2025-04-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.2 2025-05-02T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.6 2025-05-06T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 23.9 2025-05-09T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.2 2025-05-12T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.3 2025-05-13T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.4 2025-05-14T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.5 2025-05-15T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.6 2025-05-16T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.7 2025-05-17T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.8 2025-05-18T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 24.9 2025-05-19T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.2 2025-05-22T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 25.3 2025-05-23T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 26.0 2025-05-28T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 27.0 2025-05-30T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 28.0 2025-05-31T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 30.0 2025-06-02T00:00:00 <p>Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0</p> 30.1 2026-02-20T22:57:32 <p>Information published.</p> Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner fedora Yes CVE-2023-1544 Allocation of Resources Without Limits or Throttling 18535-17084 18016-16823 18233-17084 18535-17084 18016-16823 18233-17084 Moderate 18535-17084 Moderate 18016-16823 Moderate 18233-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 18535-17084 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 18016-16823 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 18233-17084 CBL-Mariner Releases 18535-17084 18233-17084 No Security Update 8.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 18233-17084 CBL-Mariner Releases CBL-Mariner Releases 18016-16823 No Security Update 6.2.0-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18016-16823 CBL-Mariner Releases 1.1 2025-04-11T00:00:00 <p>Added qemu to CBL-Mariner 2.0 Added qemu to Azure Linux 3.0</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.2 2026-02-18T01:43:40 <p>Information published.</p> A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1652 Use After Free 17897-16820 17831-16820 17903-16823 17897-16820 17831-16820 17903-16823 Important 17897-16820 Important 17831-16820 Important 17903-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17897-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17831-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17903-16823 CBL-Mariner Releases 17897-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17897-16820 CBL-Mariner Releases CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-08T00:00:00 <p>Information published.</p> 1.1 2023-04-11T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 1.0</p> 1.2 2023-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> 1.3 2023-05-03T00:00:00 <p>Information published.</p> In the Linux kernel before 5.16 tools/perf/util/expr.c lacks a check for the hashmap__new return value. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23003 Unchecked Return Value 17911-16820 17830-16823 17911-16820 17830-16823 Moderate 17911-16820 Moderate 17830-16823 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 17911-16820 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 17830-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17830-16823 No Security Update 5.15.118.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17830-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> 1.1 2023-08-30T00:00:00 <p>Information published.</p> In the Linux kernel before 6.2 mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23005 NULL Pointer Dereference 17911-16820 17889-16823 17911-16820 17889-16823 Moderate 17911-16820 Moderate 17889-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> Integer Overflow in several Redis commands can lead to denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25155 Integer Overflow or Wraparound 17920-16820 17934-16823 17920-16820 17934-16823 Moderate 17920-16820 Moderate 17934-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17920-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17934-16823 CBL-Mariner Releases 17920-16820 17934-16823 No Security Update 6.2.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17920-16820 17934-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25658 Out-of-bounds Read 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow vulnerable to seg fault in `tf.raw_ops.Print` <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25660 NULL Pointer Dereference 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow vulnerable to integer overflow in EditDistance <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25662 Integer Overflow or Wraparound 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Floating Point Exception in AudioSpectrogram <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25666 Incorrect Comparison 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25668 Heap-based Buffer Overflow 18294-16823 18295-17084 18294-16823 18295-17084 Critical 18294-16823 Critical 18295-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18294-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25670 NULL Pointer Dereference 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Null Pointer Error in LookupTableImportV2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25672 NULL Pointer Dereference 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Null Pointer Error in RandomShuffle with XLA enable <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25674 NULL Pointer Dereference 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26767 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18396-16823 18396-16823 Important 18396-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18396-16823 CBL-Mariner Releases 18396-16823 No Security Update 3.26.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18396-16823 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26768 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18396-16823 18396-16823 Important 18396-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18396-16823 CBL-Mariner Releases 18396-16823 No Security Update 3.26.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18396-16823 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> Disclosure of unrelated data in libmemcached-awesome <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-27478 Exposure of Sensitive Information to an Unauthorized Actor 20049-17084 18398-16823 18399-17084 20049-17084 18398-16823 18399-17084 Moderate 20049-17084 Moderate 18398-16823 Moderate 18399-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 20049-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18398-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18399-17084 CBL-Mariner Releases 20049-17084 18398-16823 18399-17084 No Security Update 1.1.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20049-17084 18398-16823 18399-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-13T00:00:00 <p>Information published.</p> 1.2 2026-02-19T01:17:25 <p>Information published.</p> A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input thereby enabling attackers to execute arbitrary code on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-27533 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 19686-17084 19671-17084 18387-16823 17953-16823 18287-16823 18388-16823 17878-17084 17957-17084 17879-17084 19668-17086 18295-17084 19686-17084 19671-17084 18387-16823 17953-16823 18287-16823 18388-16823 17878-17084 17957-17084 17879-17084 19668-17086 18295-17084 Important 19686-17084 Important 19671-17084 Important 18387-16823 Important 17953-16823 Important 18287-16823 Important 18388-16823 Important 17878-17084 Important 17957-17084 Important 17879-17084 Important 19668-17086 Important 18295-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19686-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19671-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18387-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17953-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18287-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18388-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17878-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17957-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17879-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19668-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18295-17084 CBL-Mariner Releases 18387-16823 No Security Update 8.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18387-16823 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases CBL-Mariner Releases 18388-16823 No Security Update 3.21.4-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18388-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases CBL-Mariner Releases 17957-17084 17879-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17957-17084 17879-17084 CBL-Mariner Releases 1.0 2023-04-04T00:00:00 <p>Information published.</p> 1.1 2023-04-01T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-09-24T00:00:00 <p>Information published.</p> 1.4 2026-02-18T01:12:31 <p>Information published.</p> An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However certain FTP settings such as CURLOPT_FTP_ACCOUNT CURLOPT_FTP_ALTERNATIVE_TO_USER CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL were not included in the configuration match checks causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer potentially allowing unauthorized access to sensitive information. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-27535 Improper Authentication 17879-17084 19668-17086 19686-17084 18387-16823 17953-16823 18287-16823 17956-16823 17878-17084 17957-17084 18295-17084 19671-17084 17879-17084 19668-17086 19686-17084 18387-16823 17953-16823 18287-16823 17956-16823 17878-17084 17957-17084 18295-17084 19671-17084 Moderate 17879-17084 Moderate 19668-17086 Moderate 19686-17084 Moderate 18387-16823 Moderate 17953-16823 Moderate 18287-16823 Moderate 17956-16823 Moderate 17878-17084 Moderate 17957-17084 Moderate 18295-17084 Moderate 19671-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17879-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19668-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19686-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18387-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17953-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18287-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17956-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17878-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17957-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18295-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19671-17084 CBL-Mariner Releases 17879-17084 17957-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17879-17084 17957-17084 CBL-Mariner Releases CBL-Mariner Releases 18387-16823 No Security Update 8.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18387-16823 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases CBL-Mariner Releases 17956-16823 No Security Update 3.21.4-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17956-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases 1.4 2026-02-18T01:16:21 <p>Information published.</p> 1.0 2023-04-03T00:00:00 <p>Information published.</p> 1.1 2023-04-01T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-11-20T00:00:00 <p>Added cmake to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0</p> An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However two SSH settings were omitted from the configuration check allowing them to match easily potentially leading to the reuse of an inappropriate connection. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-27538 Improper Authentication 17879-17084 18387-16823 17953-16823 18287-16823 17956-16823 17878-17084 17957-17084 18295-17084 19668-17086 19686-17084 19671-17084 17879-17084 18387-16823 17953-16823 18287-16823 17956-16823 17878-17084 17957-17084 18295-17084 19668-17086 19686-17084 19671-17084 Moderate 17879-17084 Moderate 18387-16823 Moderate 17953-16823 Moderate 18287-16823 Moderate 17956-16823 Moderate 17878-17084 Moderate 17957-17084 Moderate 18295-17084 Moderate 19668-17086 Moderate 19686-17084 Moderate 19671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17879-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18387-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17953-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18287-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17956-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17878-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17957-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18295-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19668-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19686-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19671-17084 CBL-Mariner Releases 17879-17084 17957-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17879-17084 17957-17084 CBL-Mariner Releases CBL-Mariner Releases 18387-16823 No Security Update 8.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18387-16823 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases CBL-Mariner Releases 17956-16823 No Security Update 3.21.4-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17956-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases 1.0 2023-04-03T00:00:00 <p>Information published.</p> 1.1 2023-04-01T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-11-20T00:00:00 <p>Added cmake to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added tensorflow to Azure Linux 3.0 Added cmake to Azure Linux 3.0</p> 1.4 2026-02-18T01:18:34 <p>Information published.</p> TensorFlow has Floating Point Exception in TFLite in conv kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-27579 Incorrect Comparison 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> Versionize is lacking bound checks potentially leading to out of bounds memory access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-28448 Out-of-bounds Read 17918-16820 17919-16823 17918-16820 17919-16823 Important 17918-16820 Important 17919-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17918-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17919-16823 CBL-Mariner Releases 17918-16820 No Security Update 22.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17918-16820 CBL-Mariner Releases CBL-Mariner Releases 17919-16823 No Security Update 30.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17919-16823 CBL-Mariner Releases 1.0 2023-04-03T00:00:00 <p>Information published.</p> hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28464 Double Free 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-04-07T00:00:00 <p>Information published.</p> Sudo before 1.9.13 does not escape control characters in sudoreplay output. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28487 Improper Encoding or Escaping of Output 17926-16820 17926-16820 Moderate 17926-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17926-16820 CBL-Mariner Releases 17926-16820 No Security Update 1.9.13p3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17926-16820 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28617 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 18394-16823 18394-16823 Important 18394-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18394-16823 CBL-Mariner Releases 18394-16823 No Security Update 28.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18394-16823 CBL-Mariner Releases 1.0 2023-03-27T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28772 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17911-16820 17911-16820 Moderate 17911-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17911-16820 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases 1.0 2023-03-30T00:00:00 <p>Information published.</p> 1.1 2023-06-07T00:00:00 <p>Information published.</p> The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3116 NULL Pointer Dereference 16864-17084 18431-17084 16864-17084 18431-17084 Important 16864-17084 Important 18431-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16864-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18431-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added samba to Azure Linux 3.0 Added heimdal to CBL-Mariner 2.0</p> 1.0 2024-10-05T00:00:00 <p>Information published.</p> 1.2 2026-02-19T01:03:20 <p>Information published.</p> Unauthorized read of Custom Resources <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner kubernetes Yes CVE-2022-3162 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 17761-17084 19877-17084 17761-17084 19877-17084 Moderate 17761-17084 Moderate 19877-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17761-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19877-17084 CBL-Mariner Releases 17761-17084 19877-17084 No Security Update 2.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17761-17084 19877-17084 CBL-Mariner Releases 1.2 2025-02-23T00:00:00 <p>Added prometheus-adapter to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added keda to Azure Linux 3.0</p> 1.3 2025-03-19T00:00:00 <p>Added keda to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added keda to Azure Linux 3.0</p> 1.4 2026-02-19T01:06:54 <p>Information published.</p> 1.0 2023-03-06T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3707 Double Free 17911-16820 17903-16823 17940-16823 17911-16820 17903-16823 17940-16823 Moderate 17911-16820 Moderate 17903-16823 Moderate 17940-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17903-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17940-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases CBL-Mariner Releases 17940-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17940-16823 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> 1.1 2023-03-15T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3857 19668-17086 18295-17084 18432-16820 17864-16820 18433-16820 18434-16823 17384-16823 18435-16823 17878-17084 19668-17086 18295-17084 18432-16820 17864-16820 18433-16820 18434-16823 17384-16823 18435-16823 17878-17084 19668-17086 18295-17084 Moderate 18432-16820 Moderate 17864-16820 Moderate 18433-16820 Moderate 18434-16823 Moderate 17384-16823 Moderate 18435-16823 Moderate 17878-17084 CBL-Mariner Releases 18295-17084 17878-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18295-17084 17878-17084 CBL-Mariner Releases CBL-Mariner Releases 18432-16820 No Security Update 6.04-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18432-16820 CBL-Mariner Releases CBL-Mariner Releases 17864-16820 No Security Update 5.12.11-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17864-16820 CBL-Mariner Releases CBL-Mariner Releases 18433-16820 No Security Update 1.6.37-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18433-16820 CBL-Mariner Releases CBL-Mariner Releases 18434-16823 No Security Update 6.04-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18434-16823 CBL-Mariner Releases CBL-Mariner Releases 17384-16823 No Security Update 5.12.11-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17384-16823 CBL-Mariner Releases CBL-Mariner Releases 18435-16823 No Security Update 1.6.39-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18435-16823 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-10T00:00:00 <p>Information published.</p> 1.2 2024-10-09T00:00:00 <p>Information published.</p> A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c allowing an attacker to launch a local denial of service attack and gain escalation of privileges. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4095 Use After Free 17902-16820 17903-16823 17902-16820 17903-16823 Important 17902-16820 Important 17903-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17902-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-44370 Out-of-bounds Write 17667-17084 19668-17086 18427-16820 18428-16823 17667-17084 19668-17086 18427-16820 18428-16823 Important 17667-17084 Important 19668-17086 Important 18427-16820 Important 18428-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17667-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19668-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18427-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18428-16823 CBL-Mariner Releases 18427-16820 18428-16823 No Security Update 2.16-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18427-16820 18428-16823 CBL-Mariner Releases 1.3 2026-02-18T14:41:50 <p>Information published.</p> 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2023-04-03T00:00:00 <p>Information published.</p> 1.2 2023-06-03T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit e8131125. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-4645 Out-of-bounds Read 17977-16820 18440-16823 17977-16820 18440-16823 Moderate 17977-16820 Moderate 18440-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18440-16823 CBL-Mariner Releases 17977-16820 18440-16823 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 18440-16823 CBL-Mariner Releases 1.0 2023-03-07T00:00:00 <p>Information published.</p> In the Linux kernel before 6.1.3 fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48423 Out-of-bounds Write 17912-16823 17912-16823 Important 17912-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17912-16823 CBL-Mariner Releases 17912-16823 No Security Update 5.15.102.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17912-16823 CBL-Mariner Releases 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> In the Linux kernel before 6.1.3 fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48424 17844-16820 17912-16823 17844-16820 17912-16823 Important 17844-16820 Important 17912-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17844-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17912-16823 CBL-Mariner Releases 17844-16820 No Security Update 5.10.183.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17844-16820 CBL-Mariner Releases CBL-Mariner Releases 17912-16823 No Security Update 5.15.102.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17912-16823 CBL-Mariner Releases 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> A vulnerability was found in zstd v1.4.10 where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4899 Uncontrolled Resource Consumption 19519-16823 19407-17084 19519-16823 19407-17084 Important 19519-16823 Important 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19519-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19407-17084 CBL-Mariner Releases 19519-16823 No Security Update 1.5.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19519-16823 CBL-Mariner Releases 1.1 2026-02-18T01:36:18 <p>Information published.</p> 1.0 2023-04-01T00:00:00 <p>Information published.</p> Node address isn't always verified when proxying <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner kubernetes Yes CVE-2022-3294 Improper Input Validation 19653-16823 19653-16823 Important 19653-16823 6.6 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 19653-16823 CBL-Mariner Releases 19653-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19653-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:19 <p>Information published.</p> Incorrect calculation on P256 curves in crypto/internal/nistec <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-24532 Incorrect Calculation 19679-17084 19785-17086 17485-17084 19697-17084 17375-16823 18155-17084 19778-17086 19679-17084 19785-17086 17485-17084 19697-17084 17375-16823 18155-17084 19778-17086 Moderate 19679-17084 Moderate 19785-17086 Moderate 17485-17084 Moderate 19697-17084 Moderate 17375-16823 Moderate 18155-17084 Moderate 19778-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19679-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19785-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17485-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19697-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17375-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 18155-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19778-17086 CBL-Mariner Releases 19679-17084 19785-17086 17485-17084 19697-17084 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19679-17084 19785-17086 17485-17084 19697-17084 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18155-17084 No Security Update 1.20.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18155-17084 CBL-Mariner Releases 1.1 2026-02-18T03:12:32 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28154 19693-17084 19693-17084 Critical 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 1.0 2025-09-03T22:00:24 <p>Information published.</p> 1.1 2026-02-18T03:04:22 <p>Information published.</p> WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-27119 18469-17084 18469-17084 Moderate 18469-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18469-17084 1.0 2025-09-04T00:10:52 <p>Information published.</p> 1.1 2026-02-18T14:57:35 <p>Information published.</p> libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48434 Use After Free 18469-17084 18469-17084 Important 18469-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.1 2026-02-18T14:03:41 <p>Information published.</p> 1.0 2025-09-04T00:15:51 <p>Information published.</p> A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0179 Integer Overflow or Wraparound 17902-16820 17903-16823 17902-16820 17903-16823 Important 17902-16820 Important 17903-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17902-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-04T00:00:00 <p>Information published.</p> 1.1 2023-04-05T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0386 Improper Ownership Management 17913-16820 17831-16820 17903-16823 17913-16820 17831-16820 17903-16823 Important 17913-16820 Important 17831-16820 Important 17903-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17913-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17831-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17903-16823 CBL-Mariner Releases 17913-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17913-16820 CBL-Mariner Releases CBL-Mariner Releases 17831-16820 No Security Update 5.10.185.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17831-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-03-30T00:00:00 <p>Information published.</p> 1.1 2023-04-04T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 1.0</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1118 Use After Free 17911-16820 17930-16823 17911-16820 17930-16823 Important 17911-16820 Important 17930-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17911-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17930-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-1170 17925-16820 17929-16823 17925-16820 17929-16823 Moderate 17925-16820 Moderate 17929-16823 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 17925-16820 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 17929-16823 CBL-Mariner Releases 17925-16820 17929-16823 No Security Update 9.0.1402-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17925-16820 17929-16823 CBL-Mariner Releases 1.0 2023-03-11T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet then kernel could be affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1249 Use After Free 17902-16820 17903-16823 17902-16820 17903-16823 Moderate 17902-16820 Moderate 17903-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17902-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-03-30T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet the kernel could be affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1252 Use After Free 17902-16820 17903-16823 17902-16820 17903-16823 Important 17902-16820 Important 17903-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17902-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-03-30T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> UAF in Linux kernel's tcindex (traffic control index filter) implementation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-1281 Use After Free 17911-16820 17912-16823 17911-16820 17912-16823 Important 17911-16820 Important 17912-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17911-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17912-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17912-16823 No Security Update 5.15.102.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17912-16823 CBL-Mariner Releases 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> NULL Pointer Dereference in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2023-1355 17925-16820 17925-16820 Moderate 17925-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17925-16820 CBL-Mariner Releases 17925-16820 No Security Update 9.0.1402-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17925-16820 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100% causing a denial of service condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1390 Excessive Platform Resource Consumption within a Loop 17911-16820 17911-16820 Important 17911-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17911-16820 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-17T00:00:00 <p>Information published.</p> A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace causing an information leak. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1513 Improper Initialization 17911-16820 17912-16823 17911-16820 17912-16823 Low 17911-16820 Low 17912-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17911-16820 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17912-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17912-16823 No Security Update 5.15.102.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17912-16823 CBL-Mariner Releases 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2023-04-04T00:00:00 <p>Information published.</p> A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1670 Use After Free 17897-16820 17904-16823 17897-16820 17904-16823 Important 17897-16820 Important 17904-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17897-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17904-16823 CBL-Mariner Releases 17897-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17897-16820 CBL-Mariner Releases CBL-Mariner Releases 17904-16823 No Security Update 5.15.107.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17904-16823 CBL-Mariner Releases 1.0 2023-04-04T00:00:00 <p>Information published.</p> 1.1 2023-04-10T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 1.0</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> In read_paint of ttcolr.c there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254803162 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner google_android Yes CVE-2023-20958 Out-of-bounds Read 18364-16823 18364-16823 Important 18364-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18364-16823 CBL-Mariner Releases 18364-16823 No Security Update 5.12.11-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18364-16823 CBL-Mariner Releases 1.0 2023-05-23T00:00:00 <p>Information published.</p> In the Linux kernel before 5.17 drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case but an error pointer is used. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23000 NULL Pointer Dereference 17916-16820 17888-16823 17917-16823 17916-16820 17888-16823 17917-16823 Moderate 17916-16820 Moderate 17888-16823 Moderate 17917-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17916-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17888-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17917-16823 CBL-Mariner Releases 17916-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17916-16820 CBL-Mariner Releases CBL-Mariner Releases 17888-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17888-16823 CBL-Mariner Releases CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-04-04T00:00:00 <p>Information published.</p> 1.1 2023-04-03T00:00:00 <p>Information published.</p> 1.2 2023-03-09T00:00:00 <p>Information published.</p> 1.3 2023-05-25T00:00:00 <p>Information published.</p> In the Linux kernel before 5.16.3 drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case whereas it is actually an error pointer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23001 NULL Pointer Dereference 17911-16820 17930-16823 17911-16820 17930-16823 Moderate 17911-16820 Moderate 17930-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> In the Linux kernel before 5.16.3 drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case whereas it is actually an error pointer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23002 NULL Pointer Dereference 17911-16820 17930-16823 17911-16820 17930-16823 Moderate 17911-16820 Moderate 17930-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> In the Linux kernel before 5.19 drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case whereas it is actually an error pointer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23004 NULL Pointer Dereference 17911-16820 17930-16823 17911-16820 17930-16823 Moderate 17911-16820 Moderate 17930-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> In the Linux kernel before 5.15.13 drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case whereas it is actually an error pointer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23006 NULL Pointer Dereference 17911-16820 17911-16820 Moderate 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25659 Out-of-bounds Read 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> Denial of Service in TensorFlow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25661 Improper Input Validation 18294-16823 18294-16823 Moderate 18294-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18294-16823 CBL-Mariner Releases 18294-16823 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 CBL-Mariner Releases 1.0 2023-10-11T00:00:00 <p>Information published.</p> TensorFlow has Null Pointer Error in TensorArrayConcatV2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25663 NULL Pointer Dereference 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25664 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18294-16823 18295-17084 18294-16823 18295-17084 Critical 18294-16823 Critical 18295-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18294-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Null Pointer Error in SparseSparseMaximum <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25665 NULL Pointer Dereference 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow vulnerable to segfault when opening multiframe gif <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25667 Integer Overflow or Wraparound 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Floating Point Exception in AvgPoolGrad with XLA <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25669 Incorrect Comparison 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has segmentation fault in tfg-translate <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25671 Out-of-bounds Write 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Floating Point Exception in TensorListSplit with XLA <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25673 Incorrect Comparison 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has Segfault in Bincount with XLA <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25675 Incorrect Comparison 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> TensorFlow has null dereference on ParallelConcat with XLA <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25676 NULL Pointer Dereference 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18294-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2023-25690 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 17931-16820 17932-16823 17683-17084 17931-16820 17932-16823 17683-17084 Critical 17931-16820 Critical 17932-16823 Critical 17683-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17931-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17932-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17683-17084 CBL-Mariner Releases 17931-16820 17932-16823 No Security Update 2.4.56-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17931-16820 17932-16823 CBL-Mariner Releases CBL-Mariner Releases 17683-17084 No Security Update 2.0.29-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17683-17084 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> 1.1 2025-05-15T00:00:00 <p>Added mod_http2 to Azure Linux 3.0 Added httpd to CBL-Mariner 1.0 Added httpd to CBL-Mariner 2.0</p> TensorFlow has double free in Fractional(Max/Avg)Pool <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25801 Double Free 18294-16823 18295-17084 18294-16823 18295-17084 Important 18294-16823 Important 18295-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18294-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18295-17084 CBL-Mariner Releases 18294-16823 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18294-16823 18295-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25809 Improper Preservation of Permissions 17914-16820 17915-16823 17914-16820 17915-16823 Moderate 17914-16820 Moderate 17915-16823 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 17914-16820 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 17915-16823 CBL-Mariner Releases 17914-16820 No Security Update 1.1.5+azure-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17914-16820 CBL-Mariner Releases CBL-Mariner Releases 17915-16823 No Security Update 1.1.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17915-16823 CBL-Mariner Releases 1.0 2023-04-03T00:00:00 <p>Information published.</p> On a compromised KubeVirt node the virt-handler service account can be used to modify all node specs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-26484 Incorrect Authorization 18395-16823 18189-17084 19959-17084 18395-16823 18189-17084 19959-17084 Important 18395-16823 Important 18189-17084 Important 19959-17084 8.2 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 18395-16823 8.2 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 18189-17084 8.2 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 19959-17084 CBL-Mariner Releases 18395-16823 No Security Update 0.59.0-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18395-16823 CBL-Mariner Releases CBL-Mariner Releases 18189-17084 19959-17084 No Security Update 1.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18189-17084 19959-17084 CBL-Mariner Releases 1.7 2026-02-19T01:13:22 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-09-06T00:00:00 <p>Information published.</p> 1.2 2024-09-07T00:00:00 <p>Information published.</p> 1.3 2024-09-08T00:00:00 <p>Information published.</p> 1.4 2024-09-11T00:00:00 <p>Information published.</p> 1.5 2024-10-12T00:00:00 <p>Information published.</p> 1.6 2024-12-03T00:00:00 <p>Added kubevirt to CBL-Mariner 2.0 Added kubevirt to Azure Linux 3.0</p> systemd before 247 does not adequately block local privilege escalation for some Sudo configurations e.g. plausible sudoers files in which the "systemctl status" command may be executed. Specifically systemd does not set LESSSECURE to 1 and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo because less executes as root when the terminal size is too small to show the complete systemctl output. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26604 17933-16820 17933-16820 Important 17933-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17933-16820 CBL-Mariner Releases 17933-16820 No Security Update 239-44 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17933-16820 CBL-Mariner Releases 1.0 2023-03-11T00:00:00 <p>Information published.</p> 1.1 2023-04-22T00:00:00 <p>Information published.</p> Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26769 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18396-16823 18396-16823 Important 18396-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18396-16823 CBL-Mariner Releases 18396-16823 No Security Update 3.26.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18396-16823 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend Cranelift has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1 5.0.1 and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-27477 Off-by-one Error 18392-16823 18392-16823 Moderate 18392-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 18392-16823 CBL-Mariner Releases 18392-16823 No Security Update 1.68.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18392-16823 CBL-Mariner Releases 1.0 2023-04-03T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2023-27522 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 17931-16820 17932-16823 17931-16820 17932-16823 Important 17931-16820 Important 17932-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17931-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17932-16823 CBL-Mariner Releases 17931-16820 17932-16823 No Security Update 2.4.56-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17931-16820 17932-16823 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-27534 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 18295-17084 19668-17086 18387-16823 17953-16823 18287-16823 18388-16823 17878-17084 17957-17084 17879-17084 19671-17084 19686-17084 18295-17084 19668-17086 18387-16823 17953-16823 18287-16823 18388-16823 17878-17084 17957-17084 17879-17084 19671-17084 19686-17084 Important 18295-17084 Important 19668-17086 Important 18387-16823 Important 17953-16823 Important 18287-16823 Important 18388-16823 Important 17878-17084 Important 17957-17084 Important 17879-17084 Important 19671-17084 Important 19686-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18295-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19668-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18387-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17953-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18287-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18388-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17878-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17957-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17879-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19671-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19686-17084 CBL-Mariner Releases 18295-17084 17878-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18295-17084 17878-17084 CBL-Mariner Releases CBL-Mariner Releases 18387-16823 No Security Update 8.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18387-16823 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases CBL-Mariner Releases 18388-16823 No Security Update 3.21.4-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18388-16823 CBL-Mariner Releases CBL-Mariner Releases 17957-17084 17879-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17957-17084 17879-17084 CBL-Mariner Releases 1.4 2026-02-18T01:10:36 <p>Information published.</p> 1.0 2023-04-03T00:00:00 <p>Information published.</p> 1.1 2023-04-01T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-09-24T00:00:00 <p>Information published.</p> An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-27536 Improper Authentication 17879-17084 19668-17086 19671-17084 18387-16823 17953-16823 18287-16823 17956-16823 17878-17084 17957-17084 18295-17084 19686-17084 17879-17084 19668-17086 19671-17084 18387-16823 17953-16823 18287-16823 17956-16823 17878-17084 17957-17084 18295-17084 19686-17084 Moderate 17879-17084 Moderate 19668-17086 Moderate 19671-17084 Moderate 18387-16823 Moderate 17953-16823 Moderate 18287-16823 Moderate 17956-16823 Moderate 17878-17084 Moderate 17957-17084 Moderate 18295-17084 Moderate 19686-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17879-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19668-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19671-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18387-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17953-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18287-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17956-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17878-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17957-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18295-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19686-17084 CBL-Mariner Releases 17879-17084 17957-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17879-17084 17957-17084 CBL-Mariner Releases CBL-Mariner Releases 18387-16823 No Security Update 8.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18387-16823 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases CBL-Mariner Releases 17956-16823 No Security Update 3.21.4-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17956-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases 1.0 2023-04-03T00:00:00 <p>Information published.</p> 1.1 2023-04-01T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-11-20T00:00:00 <p>Added cmake to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added tensorflow to Azure Linux 3.0 Added cmake to Azure Linux 3.0</p> 1.4 2026-02-18T01:08:38 <p>Information published.</p> A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks two threads sharing the same HSTS data could end up doing a double-free or use-after-free. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-27537 Double Free 19668-17086 19686-17084 17953-16823 17954-16823 17878-17084 17957-17084 17879-17084 18295-17084 19671-17084 19668-17086 19686-17084 17953-16823 17954-16823 17878-17084 17957-17084 17879-17084 18295-17084 19671-17084 Moderate 19668-17086 Moderate 19686-17084 Moderate 17953-16823 Moderate 17954-16823 Moderate 17878-17084 Moderate 17957-17084 Moderate 17879-17084 Moderate 18295-17084 Moderate 19671-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17953-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17954-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17878-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17957-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17879-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases CBL-Mariner Releases 17957-17084 17879-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17957-17084 17879-17084 CBL-Mariner Releases 1.2 2026-02-18T01:03:13 <p>Information published.</p> 1.0 2023-04-03T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges related to libcontainer/rootfs_linux.go. To exploit this an attacker must be able to spawn two containers with custom volume-mount configurations and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-27561 Use of Incorrectly-Resolved Name or Reference 17914-16820 17915-16823 17914-16820 17915-16823 Important 17914-16820 Important 17915-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17914-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17915-16823 CBL-Mariner Releases 17914-16820 No Security Update 1.1.5+azure-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17914-16820 CBL-Mariner Releases CBL-Mariner Releases 17915-16823 No Security Update 1.1.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17915-16823 CBL-Mariner Releases 1.0 2023-03-11T00:00:00 <p>Information published.</p> 1.1 2023-04-22T00:00:00 <p>Information published.</p> emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-27985 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 18397-16823 18397-16823 Important 18397-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18397-16823 CBL-Mariner Releases 18397-16823 No Security Update 28.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18397-16823 CBL-Mariner Releases 1.0 2023-03-13T00:00:00 <p>Information published.</p> emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-27986 Improper Control of Generation of Code ('Code Injection') 18397-16823 18397-16823 Important 18397-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18397-16823 CBL-Mariner Releases 18397-16823 No Security Update 28.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18397-16823 CBL-Mariner Releases 1.0 2023-03-14T00:00:00 <p>Information published.</p> The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28155 Server-Side Request Forgery (SSRF) 17927-16820 17928-16823 19693-17084 17927-16820 17928-16823 19693-17084 Moderate 17927-16820 Moderate 17928-16823 Moderate 19693-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17927-16820 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17928-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19693-17084 CBL-Mariner Releases 17927-16820 No Security Update 14.21.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17927-16820 CBL-Mariner Releases CBL-Mariner Releases 17928-16823 No Security Update 3.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17928-16823 CBL-Mariner Releases 1.1 2026-02-18T02:59:40 <p>Information published.</p> 1.0 2023-03-22T00:00:00 <p>Information published.</p> Specially crafted MSETNX command can lead to denial-of-service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-28425 Improper Neutralization of Special Elements used in a Command ('Command Injection') 17920-16820 17899-16823 17920-16820 17899-16823 Moderate 17920-16820 Moderate 17899-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17920-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17899-16823 CBL-Mariner Releases 17920-16820 No Security Update 6.2.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17920-16820 CBL-Mariner Releases CBL-Mariner Releases 17899-16823 No Security Update 6.2.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17899-16823 CBL-Mariner Releases 1.0 2023-03-24T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28450 17923-16820 17924-16823 17923-16820 17924-16823 Important 17923-16820 Important 17924-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17923-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17924-16823 CBL-Mariner Releases 17923-16820 No Security Update 2.85-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17923-16820 CBL-Mariner Releases CBL-Mariner Releases 17924-16823 No Security Update 2.89-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17924-16823 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call leading to a race condition (with a resultant use-after-free or NULL pointer dereference). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28466 NULL Pointer Dereference 17902-16820 17903-16823 17902-16820 17903-16823 Important 17902-16820 Important 17903-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17902-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> Sudo before 1.9.13 does not escape control characters in log messages. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28486 Improper Encoding or Escaping of Output 17926-16820 17926-16820 Moderate 17926-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17926-16820 CBL-Mariner Releases 17926-16820 No Security Update 1.9.13p3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17926-16820 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28531 17921-16820 17922-16823 17921-16820 17922-16823 Critical 17921-16820 Critical 17922-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17921-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17922-16823 CBL-Mariner Releases 17921-16820 No Security Update 8.9p1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17921-16820 CBL-Mariner Releases CBL-Mariner Releases 17922-16823 No Security Update 8.9p1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17922-16823 CBL-Mariner Releases 1.0 2023-03-24T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> AppArmor bypass with symlinked /proc in runc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-28642 Improper Link Resolution Before File Access ('Link Following') 17914-16820 17915-16823 17914-16820 17915-16823 Important 17914-16820 Important 17915-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17914-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17915-16823 CBL-Mariner Releases 17914-16820 No Security Update 1.1.5+azure-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17914-16820 CBL-Mariner Releases CBL-Mariner Releases 17915-16823 No Security Update 1.1.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17915-16823 CBL-Mariner Releases 1.0 2023-04-03T00:00:00 <p>Information published.</p> In the Linux kernel through 6.2.8 net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element but do not. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28866 Out-of-bounds Read 17823-16820 17824-16823 17823-16820 17824-16823 Moderate 17823-16820 Moderate 17824-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17823-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2023-04-04T00:00:00 <p>Information published.</p> Redis string pattern matching can be abused to achieve Denial of Service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-36021 Inefficient Algorithmic Complexity 17920-16820 17934-16823 17920-16820 17934-16823 Moderate 17920-16820 Moderate 17934-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17920-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17934-16823 CBL-Mariner Releases 17920-16820 17934-16823 No Security Update 6.2.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17920-16820 17934-16823 CBL-Mariner Releases 1.0 2023-03-07T00:00:00 <p>Information published.</p> A flaw was found in Ceph relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW causing a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3854 Improper Handling of URL Encoding (Hex Encoding) 19814-17086 16939-17084 19856-17084 19814-17086 16939-17084 19856-17084 Moderate 19814-17086 Moderate 16939-17084 Moderate 19856-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19814-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16939-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19856-17084 CBL-Mariner Releases 19814-17086 No Security Update 16.2.10-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19814-17086 CBL-Mariner Releases CBL-Mariner Releases 16939-17084 19856-17084 No Security Update 18.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16939-17084 19856-17084 CBL-Mariner Releases 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-12-03T00:00:00 <p>Added ceph to CBL-Mariner 2.0 Added ceph to Azure Linux 3.0</p> 1.3 2026-02-18T14:41:07 <p>Information published.</p> In PostgreSQL a modified unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-41862 Exposure of Sensitive Information to an Unauthorized Actor 18441-16820 18239-16823 18441-16820 18239-16823 Low 18441-16820 Low 18239-16823 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 18441-16820 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 18239-16823 CBL-Mariner Releases 18441-16820 No Security Update 12.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18441-16820 CBL-Mariner Releases CBL-Mariner Releases 18239-16823 No Security Update 14.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18239-16823 CBL-Mariner Releases 1.1 2024-12-18T00:00:00 <p>Added postgresql to CBL-Mariner 2.0</p> 1.2 2025-03-12T00:00:00 <p>Added postgresql to CBL-Mariner 2.0</p> 1.0 2024-07-12T00:00:00 <p>Information published.</p> Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-45141 Inadequate Encryption Strength 16864-17084 16864-17084 Critical 16864-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-45142 Improper Validation of Integrity Check Value 18429-16820 18430-16823 18431-17084 18429-16820 18430-16823 18431-17084 Important 18429-16820 Important 18430-16823 Important 18431-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18429-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18430-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18431-17084 CBL-Mariner Releases 18429-16820 18430-16823 No Security Update 7.7.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18429-16820 18430-16823 CBL-Mariner Releases CBL-Mariner Releases 18431-17084 No Security Update 7.8.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18431-17084 CBL-Mariner Releases 1.1 2025-03-28T00:00:00 <p>Added heimdal to Azure Linux 3.0 Added heimdal to CBL-Mariner 1.0 Added heimdal to CBL-Mariner 2.0</p> 1.0 2023-03-14T00:00:00 <p>Information published.</p> In the Linux kernel through 6.2.7 fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48425 Release of Invalid Pointer or Reference 1.0 2023-03-24T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4904 Improper Validation of Specified Quantity in Input 20279-17084 19746-17084 18436-16820 17938-16820 18437-16820 18438-16820 18100-16823 17433-16823 17867-16823 17868-16823 18439-16823 17871-17084 17667-17084 20279-17084 19746-17084 18436-16820 17938-16820 18437-16820 18438-16820 18100-16823 17433-16823 17867-16823 17868-16823 18439-16823 17871-17084 17667-17084 Important 20279-17084 Important 19746-17084 Important 18436-16820 Important 17938-16820 Important 18437-16820 Important 18438-16820 Important 18100-16823 Important 17433-16823 Important 17867-16823 Important 17868-16823 Important 18439-16823 Important 17871-17084 Important 17667-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 20279-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 19746-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 18436-16820 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17938-16820 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 18437-16820 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 18438-16820 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 18100-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17433-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17867-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17868-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 18439-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17871-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17667-17084 CBL-Mariner Releases 20279-17084 17871-17084 No Security Update 1.62.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20279-17084 17871-17084 CBL-Mariner Releases CBL-Mariner Releases 18436-16820 No Security Update 1.3.6-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18436-16820 CBL-Mariner Releases CBL-Mariner Releases 17938-16820 No Security Update 14.21.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17938-16820 CBL-Mariner Releases CBL-Mariner Releases 18437-16820 No Security Update 1.35.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18437-16820 CBL-Mariner Releases CBL-Mariner Releases 18438-16820 18439-16823 No Security Update 1.19.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18438-16820 18439-16823 CBL-Mariner Releases CBL-Mariner Releases 18100-16823 No Security Update 2.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18100-16823 CBL-Mariner Releases CBL-Mariner Releases 17433-16823 No Security Update 21.1.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17433-16823 CBL-Mariner Releases CBL-Mariner Releases 17867-16823 No Security Update 16.20.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17867-16823 CBL-Mariner Releases CBL-Mariner Releases 17868-16823 No Security Update 1.42.0-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17868-16823 CBL-Mariner Releases 1.2 2026-02-18T03:14:26 <p>Information published.</p> 1.0 2023-03-07T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-20251 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 16864-17084 16864-17084 Moderate 16864-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information it can be further used to defeat existing kernel protection mechanisms. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3923 Exposure of Sensitive Information to an Unauthorized Actor 17902-16820 17902-16820 Low 17902-16820 2.3 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 17902-16820 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases 1.0 2023-04-04T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner fedora Yes CVE-2023-0330 Stack-based Buffer Overflow 19662-17086 17093-17086 18016-16823 19662-17086 17093-17086 18016-16823 19662-17086 Moderate 17093-17086 Moderate 18016-16823 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H 19662-17086 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H 17093-17086 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H 18016-16823 CBL-Mariner Releases 19662-17086 17093-17086 18016-16823 No Security Update 6.2.0-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19662-17086 17093-17086 18016-16823 CBL-Mariner Releases 2.0 2026-02-18T02:56:41 <p>Information published.</p> 1.0 2025-04-12T00:00:00 <p>Information published.</p> A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0778 Time-of-check Time-of-use (TOCTOU) Race Condition 18018-16823 19777-17086 18018-16823 19777-17086 Moderate 18018-16823 Moderate 19777-17086 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 18018-16823 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 19777-17086 CBL-Mariner Releases 18018-16823 19777-17086 No Security Update 1.22.3-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18018-16823 19777-17086 CBL-Mariner Releases 1.0 2025-09-04T00:28:46 <p>Information published.</p> 1.1 2026-02-18T01:50:36 <p>Information published.</p> A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0664 Execution with Unnecessary Privileges 19662-17086 17093-17086 19662-17086 17093-17086 19662-17086 Important 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 1.0 2025-09-04T03:08:29 <p>Information published.</p> 2.0 2026-02-18T02:43:46 <p>Information published.</p> GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> Visual Studio GitHub Yes CVE-2023-22743 11600 12051 11935 11969 12129 12167 Elevation of Privilege 11600 Elevation of Privilege 12051 Elevation of Privilege 11935 Elevation of Privilege 11969 Elevation of Privilege 12129 Elevation of Privilege 12167 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.53 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.14 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.25 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.20 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.6 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.2 Anonymous 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Snipping Tool Information Disclosure Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>When an existing image is partially overwritten, an attacker may be able to recover parts of the original image through the use of a special tool.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do for this Low severity vulnerability?</strong></p> <p>The severity of this vulnerability is Low because successful exploitation requires uncommon user interaction and several factors outside of an attacker's control. For an image to be subject to this issue, a user must have created it under specific conditions:</p> <ol> <li>The user must take a screenshot, save it to a file, modify the file (for example, crop it), and then save the modified file to the same location.</li> <li>The user must open an image in Snipping Tool, modify the file (for example, crop it), and then save the modified file to the same location.</li> </ol> <p>Common use cases like copying the image from Snipping Tool or modifying it before saving it are not affected.</p> <p>For example, if you take a screenshot of your bank statement, save it to your desktop, and crop out your account number before saving it to the same location, the cropped image could still contain your account number in a hidden format that could be recovered by someone who has access to the complete image file. However, if you copy the cropped image from Snipping Tool and paste it into an email or a document, the hidden data will not be copied, and your account number will be safe.</p> <p><strong>What versions of Snipping Tool are affected?</strong></p> <p>The default Snipping Tool in Windows 10 and older versions are unaffected. Only Snip &amp; Sketch in Windows 10 and Snipping Tool in Windows 11 are affected by this vulnerability. A security update has been released for these applications, which is available through the Microsoft Store.</p> <p><strong>How can I check if the update is installed?</strong></p> <ul> <li>For Snip and Sketch installed on Windows 10, app versions <strong>10.2008.3001.0</strong> and later contain this update.</li> <li>For Snipping Tool installed on Windows 11, app versions <strong>11.2302.20.0</strong> and later contain this update.</li> </ul> <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">Get updates for apps and games in Microsoft Store</a>. Based on your operating system, Microsoft Store will display the update that is available for the Snipping Tool you have installed.</p> Apps Microsoft Yes CVE-2023-28303 Exposure of Private Personal Information to an Unauthorized Actor 12173 12174 Information Disclosure 12173 Information Disclosure 12174 Low 12173 Low 12174 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12173 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12174 App Store https://www.microsoft.com/store/productId/9MZ95KL8MR0L 12173 Maybe Security Update 11.2302.20.0 App Store https://www.microsoft.com/store/productId/9MZ95KL8MR0L 12174 Security Update 10.2008.3001.0 David Buchanan (@David3141593) <br> Chris Blume (@ProgramMax) Simon Aarons (@ItsSimonTime) 1.0 2023-03-24T07:00:00 <p>Information published.</p> 1.1 2023-03-30T07:00:00 <p>Added an FAQ to explain how to get the update from the Microsoft Store if automatic updates for the store are disabled. This is an informational change only.</p> Service Fabric Explorer Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A victim user would have to click the stored XSS payload injected by the attacker to be compromised.</p> <p><strong>According to the CVSS metric, confidentiality impact is low (C:L) but Integrity and Availability are High (I:H, A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially view sensitive data and perform operations on the targeted Service Fabric cluster, which could impact data integrity or availability.</p> <p><strong>How can I update my Service Fabric Cluster to the latest version?</strong></p> <p>If you have automatic updates, no action is needed. However, for those who choose to manually update, please refer to <a href="https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-version-azure#manual-upgrades-with-azure-portal">Manage Service Fabric cluster upgrades</a> for instructions on how to update your Service Fabric Cluster.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web client, but the malicious scripts executed in the victim’s browser translate into actions executed in the (remote) cluster.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H) and privileges required is none (PR:N). What does that mean for this vulnerability?</strong></p> <p>For this vulnerability to be successfully exploited, an unauthenticated attacker would have convince or trick the victim to click through a sequence of multiple events.</p> Service Fabric Microsoft Yes CVE-2023-23383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12125 12171 12172 12208 Spoofing 12125 Spoofing 12171 Spoofing 12172 Spoofing 12208 Important 12125 Important 12171 Important 12172 Important 12208 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C 12125 8.2 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C 12171 8.2 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C 12172 8.2 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C 12208 Release Notes https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server 12125 Maybe Security Update 9.0.1317.1 Release Notes https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server 12171 Maybe Security Update 9.1.1583.9590 Release Notes https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server 12172 Maybe Security Update 9.1.1388.1 Release Notes https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server 12208 Maybe Security Update 9.0.1380.9590 Lidor B. with Orca Security 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-05-09T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.2 2023-06-13T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 2.0 2023-06-29T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Microsoft Yes CVE-2023-23385 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Bluetooth Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.</p> Microsoft Bluetooth Driver Microsoft Yes CVE-2023-23388 Incorrect Conversion between Numeric Types 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 goodbyeselene 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft Defender Elevation of Privilege Vulnerability <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>Last version of the Microsoft Malware Protection Engine affected by this vulnerability</td> <td>1.1.19900.2</td> </tr> <tr> <td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td> <td>Version 1.1.20000.2</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.``</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Microsoft Malware Protection Engine?</strong></p> <p>The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p> <p><strong>Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported version of Windows.</p> <p><strong>Are there other products that use the Microsoft Malware Protection Engine?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Engine Version number. The update was successfully installed if the Malware Protection Engine version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p> Windows Defender Microsoft Yes CVE-2023-23389 Time-of-check Time-of-use (TOCTOU) Race Condition 11902 Elevation of Privilege 11902 Important 11902 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11902 Release Notes 11902 No Security Update 1.1.20000.2 Abdelhamid Naceri 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-03-16T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Office for Android Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L) and user interaction is required (UI:R), what does that mean for this vulnerability?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to click on a local file path link or download and run a malicious application or file.</p> <p><strong>What is the nature of the spoofing?</strong></p> <p>An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate link or file to trick the victim.</p> Office for Android Microsoft Yes CVE-2023-23391 Relative Path Traversal 12155 Spoofing 12155 Important 12155 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12155 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.16026.20172 <a href="https://www.linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with Microsoft 1.0 2023-03-14T07:00:00 <p>Information published.</p> HTTP Protocol Stack Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.</p> Windows HTTP Protocol Stack Microsoft Yes CVE-2023-23392 Use After Free 11923 11924 11926 11927 12085 12086 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 12085 Remote Code Execution 12086 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 12085 Critical 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>A prerequisite for a server to be vulnerable is that the binding has HTTP/3 enabled and the server uses buffered I/O. HTTP/3 support for services is a new feature of Windows Server 2022. Currently, enabling HTTP/3 is done via a registry key as discussed in this article: <a href="https://techcommunity.microsoft.com/t5/networking-blog/enabling-http-3-support-on-windows-server-2022/ba-p/2676880">Enabling HTTP/3 support on Windows Server 2022</a></p> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Central Resource Manager Microsoft Yes CVE-2023-23393 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 1.0 2023-03-14T07:00:00 <p>Information published.</p> Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> Client Server Run-time Subsystem (CSRSS) Microsoft Yes CVE-2023-23394 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 lm0963, l1nk3d, and renyimen with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p><strong>I am running SharePoint Foundation 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Foundation 2013 Service Pack 1 ?</strong></p> <p>Yes, customers running SharePoint Foundation 2013 Service Pack 1 should install both of the security updates. The updates can be installed in any order.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p> <p>No. Customers running SharePoint Enterprise Server 2013 Service Pack 1 should install either of the following:</p> <ul> <li>Cumulative update (ubersrv13). Note that this update also includes the *srvloc2013 update</li> <li>Both of the security updates (sts2013 AND *loc2013), which are the same updates as for Foundation Server 2013</li> </ul> <p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-23395 URL Redirection to Untrusted Site ('Open Redirect') 10950 11099 11585 11961 10612 Spoofing 10950 Spoofing 11099 Spoofing 11585 Spoofing 11961 Spoofing 10612 Important 10950 Important 11099 Important 11585 Important 11961 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10950 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11099 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11585 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11961 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10612 5002368 https://www.microsoft.com/download/details.aspx?familyid=46afa53e-5222-4a33-aa50-22ed33f6f63c 5002350 10950 Maybe Security Update 16.0.5387.1000 5002366 https://www.microsoft.com/download/details.aspx?familyid=b14b062c-18a2-48d5-9930-2c7154ec6a63 11099 Maybe Cumulative Update 15.0.5537.1000 5002367 https://www.microsoft.com/download/details.aspx?familyid=fd719e76-a9ce-478a-a373-5f4f07011ace 5002347 11099 10612 Maybe Security Update 15.0.5537.1000 5002168 https://www.microsoft.com/download/details.aspx?familyid=25c32eb5-da81-463f-b577-0b360ae33156 5002147 11099 10612 Maybe Security Update 15.0.5537.1000 5002358 https://www.microsoft.com/download/details.aspx?familyid=08a30773-d3ab-46d6-9138-93dbfcb890ea 5002342 11585 Maybe Security Update 16.0.10396.20000 5002355 https://www.microsoft.com/download/details.aspx?familyid=41026789-5c53-45bf-9d3b-83d962d5bf5b 5002353 11961 Maybe Security Update 16.0.16130.20166 5002355 https://support.microsoft.com/help/5002355 11961 Lukasz Plonka 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft Excel Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The attacker could exploit this vulnerability by convincing a victim to open a specially crafted XLSX file which when opened would cause a denial-of-service condition for other processes running on that machine.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N). What does that mean for this vulnerability?</strong></p> <p>An attacker could trigger this vulnerability by convincing a victim to access a malicious file via a network connection or by downloading and opening the malicious file locally. In the worst case scenario, the malicious file could be triggered with a web request (AV:N). When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.</p> Microsoft Office Excel Microsoft Yes CVE-2023-23396 Uncontrolled Resource Consumption 11605 10611 Denial of Service 11605 Denial of Service 10611 Important 11605 Important 10611 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11605 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10611 5002356 https://www.microsoft.com/download/details.aspx?familyid=c9ab1a90-d9dd-475f-bfaa-a48e0734e157 5002309 11605 Maybe Security Update 16.0.10396.20000 5002362 https://www.microsoft.com/download/details.aspx?familyid=097d45a1-3bc3-43f8-b363-9def5eacb566 5002313 10611 Maybe Security Update 15.0.5537.1000 <a href="https://lucabarile.github.io/">Luca Barile</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-05-09T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.2 2023-05-18T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.3 2023-06-13T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Microsoft Outlook Elevation of Privilege Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the untrusted network which an attacker can then relay to another service and authenticate as the victim.</p> <p><strong>Where can I find more information about NTLM relay attacks?</strong></p> <p>Download <a href="https://www.microsoft.com/en-us/download/details.aspx?id=36036">Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2</a>. This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks.</p> <p><strong>Where can I find more information?</strong></p> <p>Please see the MSRC Blog Post relating to this vulnerability here: <a href="https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/">Microsoft Mitigates Outlook Elevation of Privilege Vulnerability</a>.</p> Microsoft Office Outlook Microsoft Yes CVE-2023-23397 Improper Input Validation 11953 10765 11952 11763 11574 11762 11573 10811 10407 10810 10766 Elevation of Privilege 11953 Elevation of Privilege 10765 Elevation of Privilege 11952 Elevation of Privilege 11763 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11573 Elevation of Privilege 10811 Elevation of Privilege 10407 Elevation of Privilege 10810 Elevation of Privilege 10766 Critical 11953 Critical 10765 Critical 11952 Critical 11763 Critical 11574 Critical 11762 Critical 11573 Critical 10811 Critical 10407 Critical 10810 Critical 10766 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11953 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10765 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11952 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11763 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11574 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11762 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11573 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10811 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10407 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10810 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10766 Click to Run 11953 11952 11763 11574 11762 11573 No Security Update https://aka.ms/OfficeSecurityReleases 5002254 https://www.microsoft.com/download/details.aspx?familyid=65194ac0-3b9d-4345-84b2-c66bd196a91d 5002051 10765 Maybe Security Update 16.0.5387.1000 5002265 https://www.microsoft.com/download/details.aspx?familyid=e78aa39d-7d9b-4d01-98e0-f058ff3b2db3 5001990 10811 Maybe Security Update 15.0.5537.1000 5002265 5001990 10407 Maybe Security Update 15.0.5537.1000 5002265 https://www.microsoft.com/download/details.aspx?familyid=daf1d545-d8c8-471f-b392-d60d25e14828 5001990 10810 Maybe Security Update 15.0.5537.1000 5002254 https://www.microsoft.com/download/details.aspx?familyid=328f72f0-7eea-4e9b-acae-82851622dbe0 5002051 10766 Maybe Security Update 16.0.5387.1000 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> may be helpful in your situation:</strong></p> <ul> <li>Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM. Consider using it for high value accounts such as Domain Admins when possible. <strong>Please note:</strong> This may cause impact to applications that require NTLM, however the settings will revert once the user is removed from the Protected Users Group. Please see <a href="https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group">Protected Users Security Group</a> for more information.</li> <li>Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.</li> </ul> CERT-UA, Microsoft Incident Response, Microsoft Threat Intelligence 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-03-15T07:00:00 <p>Updated acknowledgment.</p> 1.2 2023-03-16T07:00:00 <p>Removed the mitigation guidance which recommended disabling the web client service as it is not applicable.</p> 1.3 2023-03-21T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Excel Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel and click the security warning prompt to &quot;Enable Content&quot;.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could trick a user into enabling content, that they are unable to inspect, which enables an attacker to view or alter data. However, this vulnerability would not allow an attacker to deny any function.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) but no privileges are required (PR:N) and user interaction is required (UI:R). How could an attacker exploit this spoofing vulnerability?</strong></p> <p>The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.</p> Microsoft Office Excel Microsoft Yes CVE-2023-23398 11573 11574 11762 11763 11952 11953 10739 10740 10656 10654 10655 Spoofing 11573 Spoofing 11574 Spoofing 11762 Spoofing 11763 Spoofing 11952 Spoofing 11953 Spoofing 10739 Spoofing 10740 Spoofing 10656 Spoofing 10654 Spoofing 10655 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11573 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11574 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11762 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11763 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11952 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11953 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10739 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10740 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10656 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10654 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002351 https://www.microsoft.com/download/details.aspx?familyid=26906b52-eedd-478e-a43a-33c1eff2910a 5002322 10739 Maybe Security Update 16.0.5387.1000 5002351 https://www.microsoft.com/download/details.aspx?familyid=87cb9fe2-9666-4f2c-a048-c7d7b5e5efce 5002322 10740 Maybe Security Update 16.0.5387.1000 5002348 https://www.microsoft.com/download/details.aspx?familyid=87cb9fe2-9666-4f2c-a048-c7d7b5e5efce 5002320 10656 Maybe Security Update 15.0.5537.1000 5002348 https://www.microsoft.com/download/details.aspx?familyid=631982f2-a5ad-409c-ab4a-f6fad6743486 5002320 10654 10655 Maybe Security Update 15.0.5537.1000 Anonymous 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-05-09T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2023-06-13T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2023-23399 Out-of-bounds Read 11573 11574 11575 11605 11762 11763 11951 11952 11953 10739 10740 10753 10754 10656 10654 10655 10603 10601 10602 10611 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11605 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Remote Code Execution 10611 Important 11573 Important 11574 Important 11575 Important 11605 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10739 Important 10740 Important 10753 Important 10754 Important 10656 Important 10654 Important 10655 Important 10603 Important 10601 Important 10602 Important 10611 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10603 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10601 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10602 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10611 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.71.23031200 5002356 https://www.microsoft.com/download/details.aspx?familyid=c9ab1a90-d9dd-475f-bfaa-a48e0734e157 5002309 11605 Maybe Security Update 16.0.10396.20000 5002351 https://www.microsoft.com/download/details.aspx?familyid=26906b52-eedd-478e-a43a-33c1eff2910a 5002322 10739 Maybe Security Update 16.0.5387.1000 5002351 https://www.microsoft.com/download/details.aspx?familyid=87cb9fe2-9666-4f2c-a048-c7d7b5e5efce 5002322 10740 Maybe Security Update 16.0.5387.1000 5002197 https://www.microsoft.com/download/details.aspx?familyid=c244426f-03c6-4646-bb1a-be7e83b58eb8 5002143 10753 Maybe Security Update 16.0.5387.1000 5002197 https://www.microsoft.com/download/details.aspx?familyid=863fd669-ec5c-4600-964c-087eb817475c 5002143 10754 Maybe Security Update 16.0.5387.1000 5002348 5002320 10656 Maybe Security Update 15.0.5537.1000 5002348 https://www.microsoft.com/download/details.aspx?familyid=631982f2-a5ad-409c-ab4a-f6fad6743486 5002320 10654 10655 Maybe Security Update 15.0.5537.1000 5002198 https://www.microsoft.com/download/details.aspx?familyid=daf1d545-d8c8-471f-b392-d60d25e14828 5002148 10603 10602 Maybe Security Update 15.0.5537.1000 5002198 https://www.microsoft.com/download/details.aspx?familyid=944bc007-be74-45b4-99c1-06c0ce0216f3 5002148 10601 Maybe Security Update 15.0.5537.1000 5002362 https://www.microsoft.com/download/details.aspx?familyid=097d45a1-3bc3-43f8-b363-9def5eacb566 5002313 10611 Maybe Security Update 15.0.5537.1000 <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-23403 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k kap0k kap0k <a href="https://twitter.com/edwardzpeng">Zhiniang Peng (@edwardzpeng) &amp; kap0k</a> kap0k kap0k kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24856 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-06-19T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> Microsoft Dynamics Microsoft Yes CVE-2023-24919 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 <a href="https://batr.am/">batram</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> Microsoft Dynamics Microsoft Yes CVE-2023-24879 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 <a href="https://batr.am/">batram</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> Microsoft Dynamics Microsoft Yes CVE-2023-24920 Cross-Site Request Forgery (CSRF) 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 <a href="https://twitter.com/soaj1664ashar">Ashar Javed</a> of <a href="https://www.hyundai-autoever.eu/">Hyundai AutoEver Europe GmbH</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> Microsoft Dynamics Microsoft Yes CVE-2023-24921 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 <a href="https://batr.am/">batram</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-06-16T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>This vulnerability causes a verbose error message that could provide attacker with enough information to construct a malicious payload.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2023-24922 Improper Neutralization of Data within XPath Expressions ('XPath Injection') 11664 11921 Information Disclosure 11664 Information Disclosure 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11664 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11921 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 <a href="https://www.linkedin.com/in/tevfikd/">Tevfik DEMİREL</a> with <a href="https://www.linkedin.com/in/tevfikd/">Cyber Security Engineer</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-04-25T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Microsoft OneDrive for Android Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> (AV:L) and <strong>User Interaction</strong> is <strong>Required</strong> (UI:R), this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and run a malicious application. This could lead to a local attack on the user's device which could leak data.</p> <p><strong>How do I get the update for OneDrive for Android?</strong></p> <ol> <li>Tap the <strong>Google Play</strong> icon on your home screen.</li> <li>Swipe in from the left edge of the screen.</li> <li>Tap <strong>My apps &amp; games</strong>.</li> <li>Tap the Update box next to the <strong>OneDrive app</strong>.</li> </ol> <p><strong>Is there a direct link on the web?</strong></p> <p>Yes: <a href="https://play.google.com/store/apps/details?id=com.microsoft.skydrive&amp;hl=en_US">https://play.google.com/store/apps/details?id=com.microsoft.skydrive&amp;hl=en_US</a></p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>This vulnerability could disclose Android/local URIs, to which OneDrive has been granted access, to the attacker.</p> Microsoft OneDrive Microsoft Yes CVE-2023-24923 11726 Information Disclosure 11726 Important 11726 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11726 App Store https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en_US&gl=US 11726 Maybe Security Update 6.73 Martin Kibuchi 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft OneDrive for Android Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> (AV:L) and <strong>User Interaction</strong> is <strong>Required</strong> (UI:R), this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and run a malicious application. This could lead to a local attack on the user's device which could leak data.</p> <p><strong>How do I get the update for OneDrive for Android?</strong></p> <ol> <li>Tap the <strong>Google Play</strong> icon on your home screen.</li> <li>Swipe in from the left edge of the screen.</li> <li>Tap <strong>My apps &amp; games</strong>.</li> <li>Tap the Update box next to the <strong>OneDrive app</strong>.</li> </ol> <p><strong>Is there a direct link on the web?</strong></p> <p>Yes: <a href="https://play.google.com/store/apps/details?id=com.microsoft.skydrive&amp;hl=en_US">https://play.google.com/store/apps/details?id=com.microsoft.skydrive&amp;hl=en_US</a></p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>This vulnerability could disclose Android/local URIs, to which OneDrive has been granted access, to the attacker.</p> Microsoft OneDrive Microsoft Yes CVE-2023-24882 11726 Information Disclosure 11726 Important 11726 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11726 App Store https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en_US&gl=US 11726 Maybe Security Update 6.73 Martin Mwangi Kibuchi 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to be able to exploit this vulnerability.</p> <p><strong>How do I get the update for OneDrive for Mac?</strong></p> <ol> <li>Tap the Settings Icon</li> <li>Tap the iTunes &amp; App Store</li> <li>Turn on AUTOMATIC DOWNLOADS for Apps</li> </ol> <p><strong>Alternatively</strong></p> <ol> <li>Tap the App Store Icon</li> <li>Scroll down to find Microsoft OneDrive</li> <li>Tap the Update button</li> </ol> Microsoft OneDrive Microsoft Yes CVE-2023-24930 Improper Link Resolution Before File Access ('Link Following') 12169 Elevation of Privilege 12169 Important 12169 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12169 App Store 12169 Maybe Security Update 23.020.0125.0002 <a href="https://github.com/kohnakagawa">Koh M. Nakagawa</a> with <a href="https://www.ffri.jp/en/index.htm">FFRI Security, Inc.</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> Microsoft Dynamics Microsoft Yes CVE-2023-24891 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 <a href="https://batr.am/">batram</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1213 Use after free in Swiftshader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1213 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1214 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1214 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.5481.192 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1215 Type Confusion in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1215 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.5481.192 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1216 Use after free in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1216 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.5481.192 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1217 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.5481.192 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1218 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1218 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.1587.69 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1219 Heap buffer overflow in Metrics <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1219 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1220 Heap buffer overflow in UMA <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1220 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.5481.192 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1221 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1222 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1223 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1224 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1228 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.5481.192 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1229 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1230 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1231 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1231 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1232 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 Release Notes 12142 No Security Update 110.0.1587.69 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1233 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1234 Inappropriate implementation in Intents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1234 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1235 Type Confusion in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1235 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1236 Inappropriate implementation in Internals <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.41</td> <td>111.0.5563.65</td> <td>3/13/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.69</td> <td>110.0.5481.192</td> <td>3/13/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1236 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.41 1.0 2023-03-13T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.</p> <p><strong>Is blocking RPC with a perimeter firewall recommended?</strong></p> <p>Blocking TCP port 135 at the enterprise perimeter firewall is a recommended best practice that could reduce the likelihood of some potential attacks against this vulnerability.</p> Windows Remote Procedure Call Microsoft Yes CVE-2023-21708 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 1.0 2023-03-14T07:00:00 <p>Information published.</p> GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>This vulnerability could disclose sensitive information on the victim's file system as well as achieve data exfiltration.</p> <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-22490 11600 12051 11969 11935 12129 12167 Information Disclosure 11600 Information Disclosure 12051 Information Disclosure 11969 Information Disclosure 11935 Information Disclosure 12129 Information Disclosure 12167 Important 11600 Important 12051 Important 11969 Important 11935 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.53 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.14 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.20 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.25 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.6 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.2 Anonymous 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Role: DNS Server Microsoft Yes CVE-2023-23400 Heap-based Buffer Overflow 11571 11572 11923 11924 10816 10855 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10816 10855 Yes Security Update 10.0.14393.5786 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-23401 Incorrect Conversion between Numeric Types 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/linhlhq">L&#234; Hữu Quang Linh</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-23402 Double Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/linhlhq">L&#234; Hữu Quang Linh</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Remote Access Service Point-to-Point Tunneling Protocol Microsoft Yes CVE-2023-23404 Use After Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 greenbamboo <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.</p> Windows Remote Procedure Call Runtime Microsoft Yes CVE-2023-23405 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-23406 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be on the same network segment as the target system. Traffic associated with exploitation of this vulnerability is not routable and is bound to the <a href="https://learn.microsoft.com/windows-hardware/drivers/network/windows-network-architecture-and-the-osi-model">data link layer of the OSI model</a>.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to dial a PPPoE connection at the same time an attacker was attempting to exploit the vulnerability.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Microsoft Yes CVE-2023-23407 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Azure Apache Ambari Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to send the victim a malicious URL that the victim would have to execute.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this.</p> Azure Microsoft Yes CVE-2023-23408 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11987 Spoofing 11987 Important 11987 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.5 3.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11987 Release Notes https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-upgrade-cluster 11987 Maybe Security Update 2302250400 Lidor B. with Orca Security 1.1 2023-06-16T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Client Server Run-time Subsystem (CSRSS) Microsoft Yes CVE-2023-23409 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 lm0963 with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows HTTP.sys Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows HTTP.sys Microsoft Yes CVE-2023-23410 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Anonymous working with Trend Micro Zero Day Initiative Keqi Hu 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> Role: Windows Hyper-V Microsoft Yes CVE-2023-23411 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 10735 10853 10816 10855 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 10735 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11569 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11569 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11931 Yes Security Update 10.0.19044.2728 5023696 https://support.microsoft.com/help/5023696 11931 12097 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10853 10816 10855 Yes Security Update 10.0.14393.5786 Eran Segal with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Accounts Picture Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Accounts Control Microsoft Yes CVE-2023-23412 Improper Privilege Management 11568 11569 11570 11571 11572 11923 11924 11801 11802 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> with Infigo IS 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-23413 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-03-30T07:00:00 <p>The following changes were made: 1) Added FAQ to explain how an attacker could exploit this Remote Code Execution vulnerability. 2) Removed incorrect CVSS metric FAQs. These are informational changes only.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be on the same network segment as the target system. Traffic associated with exploitation of this vulnerability is not routable and is bound to the <a href="https://learn.microsoft.com/windows-hardware/drivers/network/windows-network-architecture-and-the-osi-model">data link layer of the OSI model</a>.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to dial a PPPoE connection at the same time an attacker was attempting to exploit the vulnerability.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Microsoft Yes CVE-2023-23414 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.</p> Internet Control Message Protocol (ICMP) Microsoft Yes CVE-2023-23415 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/hexnomad">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect Software</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Cryptographic Services Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>For successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows Cryptographic Services Microsoft Yes CVE-2023-23416 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/hexnomad">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect Software</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-06-19T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Windows Partition Management Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows Partition Management Driver Microsoft Yes CVE-2023-23417 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 Fraunhofer FKIE CA&amp;D 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2023-23418 Out-of-bounds Read 12085 12086 Elevation of Privilege 12085 Elevation of Privilege 12086 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2023-23419 Improper Input Validation 12085 12086 Elevation of Privilege 12085 Elevation of Privilege 12086 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-23420 Use After Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-23421 Use After Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-23422 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-23423 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an information disclosure attack on the machine.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/print/standard-xps-filters">Standard XPS Filters</a> for more information.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24857 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an information disclosure attack on the machine.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/print/standard-xps-filters">Standard XPS Filters</a> for more information.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24858 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.1 2023-05-09T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Protocol Microsoft Yes CVE-2023-24859 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p> Windows Win32K Microsoft Yes CVE-2023-24861 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Microsoft Yes CVE-2023-24862 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24863 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an elevation of privilege attack on the machine.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/print/standard-xps-filters">Standard XPS Filters</a> for more information.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24864 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Adel from MSRC's V&M 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24865 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k kap0k kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24866 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24906 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Adel from MSRC's V&M 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24867 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-03-30T07:00:00 <p>The following changes were made: 1) Added FAQ to explain how an attacker could exploit this Remote Code Execution vulnerability. 2) Removed incorrect CVSS metric FAQs. These are informational changes only.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24907 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-03-30T07:00:00 <p>Added FAQ to provide further vulnerability details. This is an informational change only.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24868 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> Windows Remote Procedure Call Runtime Microsoft Yes CVE-2023-24908 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> Windows Remote Procedure Call Runtime Microsoft Yes CVE-2023-24869 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 <a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24909 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-03-30T07:00:00 <p>The following changes were made: 1) Added FAQ to explain how an attacker could exploit this Remote Code Execution vulnerability. 2) Removed incorrect CVSS metric FAQs. These are informational changes only.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-24910 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 11575 11951 12155 12156 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 11575 Elevation of Privilege 11951 Elevation of Privilege 12155 Elevation of Privilege 12156 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 11575 Important 11951 Important 12155 Important 12156 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12156 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.71.23031200 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.16026.20172 Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14606.20000 <a href="https://twitter.com/laith_satari">Laith AL-Satari</a> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24870 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to be able to exploit this vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could send a specially crafted print task to a shared vulnerable Windows XPS Print server across a local network. Successful exploitation could result in the printer exposing the contents of the process' heap memory.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24911 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11570 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11801 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11802 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11926 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11927 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 Adel from MSRC's V&M 1.1 2023-05-09T07:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Windows Bluetooth Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> Windows Bluetooth Service Microsoft Yes CVE-2023-24871 Integer Overflow or Wraparound 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 goodbyeselene 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24872 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.1 2023-09-03T07:00:00 <p>Updated the links to the Windows Update Catalog. This is an informational change only.</p> 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24913 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>By leveraging malicious TPM commands from a guest VM to a target running Hyper-V, an attacker can cause an out of bounds write in the root partition.</p> <p><strong>Why is the CERT/CC the assigning CNA (CVE Numbering Authority)?</strong></p> <p>This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.</p> Windows TPM CERT/CC Yes CVE-2023-1017 Heap-based Buffer Overflow 11569 11571 11572 11923 11924 11926 11931 12086 12097 10735 10853 10816 10855 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11931 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11931 Critical 12086 Critical 12097 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11569 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11569 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11931 Yes Security Update 10.0.19044.2728 5023696 https://support.microsoft.com/help/5023696 11931 12097 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10853 10816 10855 Yes Security Update 10.0.14393.5786 Francisco Falcon, Quarkslab 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-24876 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 kap0k 1.0 2023-03-14T07:00:00 <p>Information published.</p> 1.1 2023-03-30T07:00:00 <p>The following changes were made: 1) Added FAQ to explain how an attacker could exploit this Remote Code Execution vulnerability. 2) Removed incorrect CVSS metric FAQs. These are informational changes only.</p> Windows SmartScreen Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p> <p><strong>What is the relationship between Mark of the Web and Windows SmartScreen?</strong></p> <p>When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. For more information on SmartScreen, please visit <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview">Microsoft Defender SmartScreen overview | Microsoft Learn</a>.</p> Windows SmartScreen Microsoft Yes CVE-2023-24880 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Moderate 11568 Moderate 11569 Moderate 11570 Moderate 11571 Moderate 11572 Moderate 11923 Moderate 11924 Moderate 11801 Moderate 11802 Moderate 11926 Moderate 11927 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12085 Moderate 12086 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 10852 Moderate 10853 Moderate 10816 Moderate 10855 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11568 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11569 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11570 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11571 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11572 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11923 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11924 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11801 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11802 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11926 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11927 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11929 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11930 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11931 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12085 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12086 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12097 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12098 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12099 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10852 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10853 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10816 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10855 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 12097 12098 12099 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12085 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12085 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 12098 12099 Yes Security Update 10.0.19045.2728 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 Bill Demirkapi of Microsoft Benoît Sevens and Vlad Stolyarov of Google’s Threat Analysis Group 1.1 2023-06-13T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2023-03-14T07:00:00 <p>Information published.</p> GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-23946 11600 12051 11935 11969 12129 12167 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12167 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.53 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.14 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.25 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.20 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.6 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.2 Anonymous 1.0 2023-03-14T07:00:00 <p>Information published.</p> GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2023-23618 11600 12051 11935 11969 12129 12167 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12167 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.53 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.14 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.25 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.20 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.6 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.2 Anonymous 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft OneDrive for iOS Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain access to files stored in a locked vault.</p> <p><strong>Does this vulnerability affect all OneDrive for iOS customers?</strong></p> <p>No. Only customers based in Australia are required to take action as the feature which was susceptible to this vulnerability was only deployed to that region.</p> Microsoft OneDrive Microsoft Yes CVE-2023-24890 Weak Authentication 12170 Security Feature Bypass 12170 Important 12170 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12170 App Store https://apps.apple.com/us/app/microsoft-onedrive/id477537958 12170 Maybe Security Update 14.2.2 Maxwell Swadling 1.0 2023-03-14T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could use the WebView2 API to leak login credentials.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-24892 11655 Spoofing 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 111.0.1661.41 Markus Z&#252;hlke-Taczkowski 1.1 2023-05-09T07:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> 1.2 2023-05-16T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.0 2023-03-14T07:00:00 <p>Information published.</p> CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability <p><strong>Why is the CERT/CC the assigning CNA (CVE Numbering Authority)?</strong></p> <p>This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.</p> Windows TPM CERT/CC Yes CVE-2023-1018 Heap-based Buffer Overflow 11569 11571 11572 11923 11924 11926 11931 12086 12097 10735 10853 10816 10855 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11931 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11931 Critical 12086 Critical 12097 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11569 11571 11572 Yes Security Update 10.0.17763.4131 5023702 https://support.microsoft.com/help/5023702 11569 11571 11572 5023705 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705 5022842 11923 11924 Yes Security Update 10.0.20348.1607 5023705 https://support.microsoft.com/help/5023705 11923 11924 5023786 11923 11924 No Security Hotpatch Update 10.0.20348.1602 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 Yes Security Update 10.0.22000.1696 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11931 Yes Security Update 10.0.19044.2728 5023696 https://support.microsoft.com/help/5023696 11931 12097 5023706 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023706 5022845 12086 Yes Security Update 10.0.22621.1413 5023706 https://support.microsoft.com/help/5023706 12086 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 12097 Yes Security Update 10.0.19045.2728 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10735 Yes Security Update 10.0.10240.19805 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10853 10816 10855 Yes Security Update 10.0.14393.5786 Francisco Falcon, Quarkslab 1.0 2023-03-14T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1534 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1534 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.54 Release Notes 12142 No Security Update 110.0.1587.78 1.0 2023-03-24T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1528 Use after free in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1528 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.54 Release Notes 12142 No Security Update 110.0.1587.78 1.0 2023-03-24T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1529 Out of bounds memory access in WebHID <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1529 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.54 Release Notes 12142 No Security Update 110.0.1587.78 1.0 2023-03-24T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1530 Use after free in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1530 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.54 1.0 2023-03-24T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1531 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1531 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.54 1.0 2023-03-24T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1532 Out of bounds read in GPU Video <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1532 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.54 Release Notes 12142 No Security Update 110.0.1587.78 1.0 2023-03-24T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1533 Use after free in WebProtect <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1533 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 111.0.1661.54 1.0 2023-03-24T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-28286 11655 12142 Remote Code Execution 11655 Remote Code Execution 12142 Moderate 11655 Moderate 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 111.0.1661.54 Release Notes 12142 No Security Update 110.0.1587.78 <a href="https://twitter.com/agamimaulana">Muhammad R. Maulana</a> 1.0 2023-03-24T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> <p><strong>According to the CVSS metrics, the attack vector is local (AV:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must have loaded the malicious executable onto the victim's machine through social engineering first. The execution of the attack itself only occurs on the victim's local machine with no network access required.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of availability (A:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker cannot impact the availability of the browser.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>111.0.1661.54</td> <td>111.0.5563.110/.111</td> <td>3/23/2023</td> </tr> <tr> <td>Extended Stable</td> <td>110.0.1587.78</td> <td>110.0.5481.208</td> <td>3/23/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-28261 12142 11655 Elevation of Privilege 12142 Elevation of Privilege 11655 Low 12142 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12142 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 12142 No Security Update 110.0.1587.78 Release Notes 11655 No Security Update 111.0.1661.54 <a href="https://github.com/kohnakagawa">Koh M. Nakagawa</a> with <a href="https://www.ffri.jp/en/index.htm">FFRI Security, Inc.</a> 1.0 2023-03-24T07:00:00 <p>Information published.</p> 1.1 2023-06-16T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.2 2023-08-01T07:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052 Mariner psirt@cisco.com Yes CVE-2023-20052 12139 12140 12139 12140 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12140 clamav 12139 clamav-0.105.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.105.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.105.2-1 clamav 12140 clamav-0.105.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.105.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.105.2-1 1.0 2023-03-01T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 Mariner psirt@cisco.com Yes CVE-2023-20032 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 clamav 12139 clamav-0.105.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.105.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.105.2-1 clamav 12140 clamav-0.105.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.105.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.105.2-1 1.0 2023-03-01T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-0567 https://nvd.nist.gov/vuln/detail/CVE-2023-0567 Mariner security@php.net Yes CVE-2023-0567 12139 12140 12139 12140 12139 12140 DOS:N/A 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12139 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12140 php 12139 php-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-cli-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-dbg-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-fpm-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-common-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-devel-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-opcache-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-ldap-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pdo-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-mysqlnd-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pgsql-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-process-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-odbc-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-soap-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-snmp-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-xml-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-mbstring-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-gd-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-bcmath-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-gmp-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-dba-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-tidy-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pdo-dblib-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-embedded-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pspell-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-intl-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-enchant-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-sodium-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-ffi-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-debuginfo-8.1.16-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.1.16-1 php 12140 php-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-cli-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-dbg-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-fpm-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-common-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-devel-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-opcache-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-ldap-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pdo-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-mysqlnd-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pgsql-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-process-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-odbc-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-soap-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-snmp-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-xml-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-mbstring-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-gd-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-bcmath-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-gmp-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-dba-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-tidy-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pdo-dblib-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-embedded-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pspell-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-intl-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-enchant-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-sodium-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-ffi-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-debuginfo-8.1.16-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.1.16-1 1.0 2023-03-01T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-22998 https://nvd.nist.gov/vuln/detail/CVE-2023-22998 https://nvd.nist.gov/vuln/detail/CVE-2023-22998 https://nvd.nist.gov/vuln/detail/CVE-2023-22998 Mariner cve@mitre.org Yes CVE-2023-22998 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12138 kernel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12139 kernel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12140 kernel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 1.0 2023-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-26545 https://nvd.nist.gov/vuln/detail/CVE-2023-26545 https://nvd.nist.gov/vuln/detail/CVE-2023-26545 https://nvd.nist.gov/vuln/detail/CVE-2023-26545 https://nvd.nist.gov/vuln/detail/CVE-2023-26545 https://nvd.nist.gov/vuln/detail/CVE-2023-26545 Mariner cve@mitre.org Yes CVE-2023-26545 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12138 kernel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 hyperv-daemons 12139 hyperv-daemons-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.102.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.102.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12139 kernel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 hyperv-daemons 12140 hyperv-daemons-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.102.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.102.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12140 kernel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 1.0 2023-03-04T00:00:00 <p>Information published.</p> 1.1 2023-03-13T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-22999 https://nvd.nist.gov/vuln/detail/CVE-2023-22999 https://nvd.nist.gov/vuln/detail/CVE-2023-22999 https://nvd.nist.gov/vuln/detail/CVE-2023-22999 Mariner cve@mitre.org Yes CVE-2023-22999 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12138 kernel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12139 kernel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12140 kernel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 1.0 2023-03-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1095 https://nvd.nist.gov/vuln/detail/CVE-2023-1095 https://nvd.nist.gov/vuln/detail/CVE-2023-1095 https://nvd.nist.gov/vuln/detail/CVE-2023-1095 Mariner secalert@redhat.com Yes CVE-2023-1095 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12138 kernel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12139 kernel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12140 kernel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 1.0 2023-03-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-22996 https://nvd.nist.gov/vuln/detail/CVE-2023-22996 https://nvd.nist.gov/vuln/detail/CVE-2023-22996 https://nvd.nist.gov/vuln/detail/CVE-2023-22996 Mariner cve@mitre.org Yes CVE-2023-22996 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12139 kernel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12140 kernel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-03-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 Mariner cve-assignments@hackerone.com Yes CVE-2023-23918 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 12138 nodejs 12139 nodejs-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12140 nodejs-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12137 nodejs-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.21.3-1 nodejs 12138 nodejs-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.21.3-1 1.0 2023-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-27320 https://nvd.nist.gov/vuln/detail/CVE-2023-27320 https://nvd.nist.gov/vuln/detail/CVE-2023-27320 https://nvd.nist.gov/vuln/detail/CVE-2023-27320 Mariner cve@mitre.org Yes CVE-2023-27320 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12139 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12140 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12137 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12138 sudo 12139 sudo-1.9.13p3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 sudo 12140 sudo-1.9.13p3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 sudo 12137 sudo-1.9.13p3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 sudo 12138 sudo-1.9.13p3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 1.0 2023-03-06T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-0934 https://nvd.nist.gov/vuln/detail/CVE-2022-0934 Mariner secalert@redhat.com Yes CVE-2022-0934 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 dnsmasq 12139 dnsmasq-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 dnsmasq 12140 dnsmasq-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 1.0 2023-03-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-0461 https://nvd.nist.gov/vuln/detail/CVE-2023-0461 https://nvd.nist.gov/vuln/detail/CVE-2023-0461 https://nvd.nist.gov/vuln/detail/CVE-2023-0461 Mariner security@google.com Yes CVE-2023-0461 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12140 kernel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-20255 https://nvd.nist.gov/vuln/detail/CVE-2021-20255 Mariner secalert@redhat.com Yes CVE-2021-20255 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 qemu-kvm 12137 qemu-kvm-4.2.0-27.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-27.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-27 qemu-kvm 12138 qemu-kvm-4.2.0-27.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-27.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-27 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-29648 https://nvd.nist.gov/vuln/detail/CVE-2021-29648 https://nvd.nist.gov/vuln/detail/CVE-2021-29648 https://nvd.nist.gov/vuln/detail/CVE-2021-29648 Mariner cve@mitre.org Yes CVE-2021-29648 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-06T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-29649 https://nvd.nist.gov/vuln/detail/CVE-2021-29649 https://nvd.nist.gov/vuln/detail/CVE-2021-29649 https://nvd.nist.gov/vuln/detail/CVE-2021-29649 Mariner cve@mitre.org Yes CVE-2021-29649 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-06T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-29650 https://nvd.nist.gov/vuln/detail/CVE-2021-29650 https://nvd.nist.gov/vuln/detail/CVE-2021-29650 https://nvd.nist.gov/vuln/detail/CVE-2021-29650 Mariner cve@mitre.org Yes CVE-2021-29650 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-06T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> Mariner cve-assignments@hackerone.com Yes CVE-2021-22890 DOS:N/A 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-20305 https://nvd.nist.gov/vuln/detail/CVE-2021-20305 Mariner secalert@redhat.com Yes CVE-2021-20305 12137 12138 12137 12138 12137 12138 DOS:N/A 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 nettle 12137 nettle-3.7.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nettle-devel-3.7.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nettle-debuginfo-3.7.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.2-1 nettle 12138 nettle-3.7.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nettle-devel-3.7.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nettle-debuginfo-3.7.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.2-1 1.0 2021-04-10T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-1252 https://nvd.nist.gov/vuln/detail/CVE-2021-1252 Mariner psirt@cisco.com Yes CVE-2021-1252 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 clamav 12137 clamav-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 clamav 12138 clamav-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 1.0 2021-04-15T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-31162 https://nvd.nist.gov/vuln/detail/CVE-2021-31162 Mariner cve@mitre.org Yes CVE-2021-31162 12137 12138 12137 12138 12137 12138 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 rust 12137 rust-1.59.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.59.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.59.0-1 rust 12138 rust-1.59.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.59.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.59.0-1 1.0 2021-04-17T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3487 https://nvd.nist.gov/vuln/detail/CVE-2021-3487 Mariner secalert@redhat.com Yes CVE-2021-3487 12137 12138 12137 12138 12137 12138 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 binutils 12137 binutils-2.36.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 binutils-devel-2.36.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 binutils-debuginfo-2.36.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.36.1-1 binutils 12138 binutils-2.36.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 binutils-devel-2.36.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 binutils-debuginfo-2.36.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.36.1-1 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3448 https://nvd.nist.gov/vuln/detail/CVE-2021-3448 Mariner secalert@redhat.com Yes CVE-2021-3448 12137 12138 12137 12138 12137 12138 DOS:N/A 4.0 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 12137 4.0 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 12138 dnsmasq 12137 dnsmasq-2.85-1.cm1.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.85-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.85-1 dnsmasq 12138 dnsmasq-2.85-1.cm1.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.85-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.85-1 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-28875 https://nvd.nist.gov/vuln/detail/CVE-2021-28875 Mariner cve@mitre.org Yes CVE-2021-28875 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 rust 12137 rust-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 rust 12138 rust-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-28878 https://nvd.nist.gov/vuln/detail/CVE-2021-28878 Mariner cve@mitre.org Yes CVE-2021-28878 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 rust 12137 rust-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 rust 12138 rust-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-29155 https://nvd.nist.gov/vuln/detail/CVE-2021-29155 https://nvd.nist.gov/vuln/detail/CVE-2021-29155 https://nvd.nist.gov/vuln/detail/CVE-2021-29155 Mariner cve@mitre.org Yes CVE-2021-29155 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2169 https://nvd.nist.gov/vuln/detail/CVE-2021-2169 Mariner secalert_us@oracle.com Yes CVE-2021-2169 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2172 https://nvd.nist.gov/vuln/detail/CVE-2021-2172 Mariner secalert_us@oracle.com Yes CVE-2021-2172 12137 12138 12137 12138 12137 12138 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2180 https://nvd.nist.gov/vuln/detail/CVE-2021-2180 Mariner secalert_us@oracle.com Yes CVE-2021-2180 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2193 https://nvd.nist.gov/vuln/detail/CVE-2021-2193 Mariner secalert_us@oracle.com Yes CVE-2021-2193 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2196 https://nvd.nist.gov/vuln/detail/CVE-2021-2196 Mariner secalert_us@oracle.com Yes CVE-2021-2196 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2201 https://nvd.nist.gov/vuln/detail/CVE-2021-2201 Mariner secalert_us@oracle.com Yes CVE-2021-2201 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2212 https://nvd.nist.gov/vuln/detail/CVE-2021-2212 Mariner secalert_us@oracle.com Yes CVE-2021-2212 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2215 https://nvd.nist.gov/vuln/detail/CVE-2021-2215 Mariner secalert_us@oracle.com Yes CVE-2021-2215 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2226 https://nvd.nist.gov/vuln/detail/CVE-2021-2226 Mariner secalert_us@oracle.com Yes CVE-2021-2226 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2230 https://nvd.nist.gov/vuln/detail/CVE-2021-2230 Mariner secalert_us@oracle.com Yes CVE-2021-2230 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2293 https://nvd.nist.gov/vuln/detail/CVE-2021-2293 Mariner secalert_us@oracle.com Yes CVE-2021-2293 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2299 https://nvd.nist.gov/vuln/detail/CVE-2021-2299 Mariner secalert_us@oracle.com Yes CVE-2021-2299 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2300 https://nvd.nist.gov/vuln/detail/CVE-2021-2300 Mariner secalert_us@oracle.com Yes CVE-2021-2300 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2301 https://nvd.nist.gov/vuln/detail/CVE-2021-2301 Mariner secalert_us@oracle.com Yes CVE-2021-2301 12137 12138 12137 12138 12137 12138 DOS:N/A 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 12137 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2304 https://nvd.nist.gov/vuln/detail/CVE-2021-2304 Mariner secalert_us@oracle.com Yes CVE-2021-2304 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12137 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2308 https://nvd.nist.gov/vuln/detail/CVE-2021-2308 Mariner secalert_us@oracle.com Yes CVE-2021-2308 12137 12138 12137 12138 12137 12138 DOS:N/A 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 12137 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-28879 https://nvd.nist.gov/vuln/detail/CVE-2021-28879 Mariner cve@mitre.org Yes CVE-2021-28879 12137 12138 12137 12138 12137 12138 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 rust 12137 rust-1.47.0-2.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-2 rust 12138 rust-1.47.0-2.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-2 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2146 https://nvd.nist.gov/vuln/detail/CVE-2021-2146 Mariner secalert_us@oracle.com Yes CVE-2021-2146 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-27T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2166 https://nvd.nist.gov/vuln/detail/CVE-2021-2166 Mariner secalert_us@oracle.com Yes CVE-2021-2166 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-27T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-23133 https://nvd.nist.gov/vuln/detail/CVE-2021-23133 https://nvd.nist.gov/vuln/detail/CVE-2021-23133 https://nvd.nist.gov/vuln/detail/CVE-2021-23133 Mariner psirt@paloaltonetworks.com Yes CVE-2021-23133 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-28T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-28965 https://nvd.nist.gov/vuln/detail/CVE-2021-28965 https://nvd.nist.gov/vuln/detail/CVE-2021-28965 https://nvd.nist.gov/vuln/detail/CVE-2021-28965 Mariner cve@mitre.org Yes CVE-2021-28965 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12140 ruby 12137 ruby-2.6.7-1.cm1.x86_64.rpm 0001-01-01T00:00:00 ruby-debuginfo-2.6.7-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.6.7-1 ruby 12138 ruby-2.6.7-1.cm1.aarch64.rpm 0001-01-01T00:00:00 ruby-debuginfo-2.6.7-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.6.7-1 ruby 12139 ruby-3.1.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 rubygems-3.1.6-2.cm2.noarch.rpm 0001-01-01T00:00:00 rubygems-devel-3.1.6-2.cm2.noarch.rpm 0001-01-01T00:00:00 ruby-debuginfo-3.1.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.7.4-1 ruby 12140 ruby-3.1.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 rubygems-3.1.6-2.cm2.noarch.rpm 0001-01-01T00:00:00 rubygems-devel-3.1.6-2.cm2.noarch.rpm 0001-01-01T00:00:00 ruby-debuginfo-3.1.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.7.4-1 1.0 2021-04-30T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added ruby to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3682 https://nvd.nist.gov/vuln/detail/CVE-2021-3682 Mariner secalert@redhat.com Yes CVE-2021-3682 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 8.5 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 12137 8.5 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 12138 8.5 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 12139 8.5 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 12140 qemu-kvm 12137 qemu-kvm-4.2.0-35.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-35.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-35 qemu-kvm 12138 qemu-kvm-4.2.0-35.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-35.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-35 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3947 https://nvd.nist.gov/vuln/detail/CVE-2021-3947 Mariner secalert@redhat.com Yes CVE-2021-3947 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12140 qemu-kvm 12137 qemu-kvm-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 qemu-kvm 12138 qemu-kvm-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3748 https://nvd.nist.gov/vuln/detail/CVE-2021-3748 Mariner secalert@redhat.com Yes CVE-2021-3748 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 12137 7.5 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 12138 7.5 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 12139 7.5 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 12140 qemu-kvm 12137 qemu-kvm-4.2.0-39.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-39.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-39 qemu-kvm 12138 qemu-kvm-4.2.0-39.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-39.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-39 1.0 2023-03-10T00:00:00 <p>Information published.</p> Mariner secalert@redhat.com Yes CVE-2021-4145 12139 12140 12139 12140 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12140 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2196 https://nvd.nist.gov/vuln/detail/CVE-2022-2196 https://nvd.nist.gov/vuln/detail/CVE-2022-2196 https://nvd.nist.gov/vuln/detail/CVE-2022-2196 Mariner security@google.com Yes CVE-2022-2196 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12137 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12138 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12138 kernel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.172.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.172.1-1 kernel 12139 kernel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 kernel 12140 kernel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-1 1.0 2023-01-14T00:00:00 <p>Information published.</p> 1.1 2023-03-20T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-25173 https://nvd.nist.gov/vuln/detail/CVE-2023-25173 https://nvd.nist.gov/vuln/detail/CVE-2023-25173 https://nvd.nist.gov/vuln/detail/CVE-2023-25173 Mariner security-advisories@github.com Yes CVE-2023-25173 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 moby-containerd 12137 moby-containerd-1.6.6+azure-9.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.6+azure-9 moby-containerd 12138 moby-containerd-1.6.6+azure-9.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.6+azure-9 moby-containerd 12139 moby-containerd-1.6.18-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.18-2 moby-containerd 12140 moby-containerd-1.6.18-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.18-2 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-02-25T00:00:00 <p>Added moby-containerd to CBL-Mariner 2.0</p> 1.2 2023-03-20T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 Mariner cve@mitre.org Yes CVE-2022-48338 12139 12140 12139 12140 12139 12140 DOS:N/A 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 12139 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 12140 emacs 12139 emacs-28.2-4.cm2.x86_64.rpm 0001-01-01T00:00:00 emacs-filesystem-28.2-4.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 28.2-4 emacs 12140 emacs-28.2-4.cm2.aarch64.rpm 0001-01-01T00:00:00 emacs-filesystem-28.2-4.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 28.2-4 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-03-22T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-48337 https://nvd.nist.gov/vuln/detail/CVE-2022-48337 Mariner cve@mitre.org Yes CVE-2022-48337 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 emacs 12139 emacs-28.2-4.cm2.x86_64.rpm 0001-01-01T00:00:00 emacs-filesystem-28.2-4.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 28.2-4 emacs 12140 emacs-28.2-4.cm2.aarch64.rpm 0001-01-01T00:00:00 emacs-filesystem-28.2-4.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 28.2-4 1.0 2023-02-28T00:00:00 <p>Information published.</p> 1.1 2023-03-22T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-45952 https://nvd.nist.gov/vuln/detail/CVE-2021-45952 Mariner cve@mitre.org Yes CVE-2021-45952 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 dnsmasq 12139 dnsmasq-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 dnsmasq 12140 dnsmasq-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 1.0 2022-03-16T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-45953 https://nvd.nist.gov/vuln/detail/CVE-2021-45953 Mariner cve@mitre.org Yes CVE-2021-45953 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 dnsmasq 12139 dnsmasq-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 dnsmasq 12140 dnsmasq-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 1.0 2022-03-16T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-45956 https://nvd.nist.gov/vuln/detail/CVE-2021-45956 Mariner cve@mitre.org Yes CVE-2021-45956 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 dnsmasq 12139 dnsmasq-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 dnsmasq 12140 dnsmasq-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 1.0 2022-03-16T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-3515 https://nvd.nist.gov/vuln/detail/CVE-2022-3515 https://nvd.nist.gov/vuln/detail/CVE-2022-3515 https://nvd.nist.gov/vuln/detail/CVE-2022-3515 Mariner secalert@redhat.com Yes CVE-2022-3515 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 gnupg2 12139 gnupg2-2.4.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 gnupg2-lang-2.4.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 gnupg2-debuginfo-2.4.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.0-1 gnupg2 12140 gnupg2-2.4.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 gnupg2-lang-2.4.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 gnupg2-debuginfo-2.4.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.0-1 libksba 12137 libksba-1.3.5-5.cm1.x86_64.rpm 0001-01-01T00:00:00 libksba-debuginfo-1.3.5-5.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.3.5-5 libksba 12138 libksba-1.3.5-5.cm1.aarch64.rpm 0001-01-01T00:00:00 libksba-debuginfo-1.3.5-5.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.3.5-5 1.0 2023-01-21T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-23934 https://nvd.nist.gov/vuln/detail/CVE-2023-23934 Mariner security-advisories@github.com Yes CVE-2023-23934 12139 12140 12139 12140 12139 12140 DOS:N/A 3.5 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 12139 3.5 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 12140 python-werkzeug 12139 CBL-Mariner 2.2.3-1 python-werkzeug 12140 python3-werkzeug-2.2.3-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 2.2.3-1 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 Mariner security-advisories@github.com Yes CVE-2023-23936 12139 12140 12139 12140 12139 12140 DOS:N/A 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 12139 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 12140 nodejs 12139 nodejs-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12140 nodejs-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 1.0 2023-02-21T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 Mariner cve-assignments@hackerone.com Yes CVE-2023-23919 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 nodejs 12139 nodejs-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12140 nodejs-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12137 nodejs-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.21.3-1 nodejs 12138 nodejs-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.21.3-1 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-03-04T00:00:00 <p>Added nodejs to CBL-Mariner 1.0</p> 1.2 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 Mariner secalert@redhat.com Yes CVE-2021-20197 12137 12138 12137 12138 12137 12138 DOS:N/A 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 12137 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 12138 binutils 12137 binutils-2.36.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 binutils-devel-2.36.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 binutils-debuginfo-2.36.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.36.1-1 binutils 12138 binutils-2.36.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 binutils-devel-2.36.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 binutils-debuginfo-2.36.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.36.1-1 1.0 2021-04-02T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-29646 https://nvd.nist.gov/vuln/detail/CVE-2021-29646 https://nvd.nist.gov/vuln/detail/CVE-2021-29646 https://nvd.nist.gov/vuln/detail/CVE-2021-29646 Mariner cve@mitre.org Yes CVE-2021-29646 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-06T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-29647 https://nvd.nist.gov/vuln/detail/CVE-2021-29647 https://nvd.nist.gov/vuln/detail/CVE-2021-29647 https://nvd.nist.gov/vuln/detail/CVE-2021-29647 Mariner cve@mitre.org Yes CVE-2021-29647 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-06T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3470 https://nvd.nist.gov/vuln/detail/CVE-2021-3470 https://nvd.nist.gov/vuln/detail/CVE-2021-3470 https://nvd.nist.gov/vuln/detail/CVE-2021-3470 Mariner secalert@redhat.com Yes CVE-2021-3470 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12138 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12140 redis 12137 redis-5.0.5-7.cm1.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-5.0.5-7.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.0.5-7 redis 12138 redis-5.0.5-7.cm1.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-5.0.5-7.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.0.5-7 redis 12139 redis-6.2.6-1.cm2.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.6-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.0.5-7 redis 12140 redis-6.2.6-1.cm2.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.6-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.0.5-7 1.0 2021-04-06T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added redis to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-30002 https://nvd.nist.gov/vuln/detail/CVE-2021-30002 https://nvd.nist.gov/vuln/detail/CVE-2021-30002 https://nvd.nist.gov/vuln/detail/CVE-2021-30002 Mariner cve@mitre.org Yes CVE-2021-30002 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-07T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-30004 https://nvd.nist.gov/vuln/detail/CVE-2021-30004 https://nvd.nist.gov/vuln/detail/CVE-2021-30004 https://nvd.nist.gov/vuln/detail/CVE-2021-30004 Mariner cve@mitre.org Yes CVE-2021-30004 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12138 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12140 wpa_supplicant 12137 wpa_supplicant-2.9-4.cm1.x86_64.rpm 0001-01-01T00:00:00 wpa_supplicant-debuginfo-2.9-4.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9-4 wpa_supplicant 12138 wpa_supplicant-2.9-4.cm1.aarch64.rpm 0001-01-01T00:00:00 wpa_supplicant-debuginfo-2.9-4.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9-4 wpa_supplicant 12139 wpa_supplicant-2.10-1.cm2.x86_64.rpm 0001-01-01T00:00:00 wpa_supplicant-debuginfo-2.10-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9-4 wpa_supplicant 12140 wpa_supplicant-2.10-1.cm2.aarch64.rpm 0001-01-01T00:00:00 wpa_supplicant-debuginfo-2.10-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9-4 1.0 2021-04-08T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added wpa_supplicant to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2016-9795 Mariner cve@mitre.org Yes CVE-2016-9795 12137 12138 12137 12138 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 12138 kernel-headers-5.4.51-2.cm1.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-13T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-30178 https://nvd.nist.gov/vuln/detail/CVE-2021-30178 https://nvd.nist.gov/vuln/detail/CVE-2021-30178 https://nvd.nist.gov/vuln/detail/CVE-2021-30178 Mariner cve@mitre.org Yes CVE-2021-30178 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-14T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-29154 https://nvd.nist.gov/vuln/detail/CVE-2021-29154 https://nvd.nist.gov/vuln/detail/CVE-2021-29154 https://nvd.nist.gov/vuln/detail/CVE-2021-29154 Mariner cve@mitre.org Yes CVE-2021-29154 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-15T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-1386 https://nvd.nist.gov/vuln/detail/CVE-2021-1386 Mariner psirt@cisco.com Yes CVE-2021-1386 12137 12138 12137 12138 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 clamav 12137 clamav-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 clamav 12138 clamav-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 1.0 2021-04-20T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-1404 https://nvd.nist.gov/vuln/detail/CVE-2021-1404 Mariner psirt@cisco.com Yes CVE-2021-1404 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 clamav 12137 clamav-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 clamav 12138 clamav-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-1405 https://nvd.nist.gov/vuln/detail/CVE-2021-1405 Mariner psirt@cisco.com Yes CVE-2021-1405 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 clamav 12137 clamav-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 clamav 12138 clamav-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 clamav-debuginfo-0.103.2-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.103.2-1 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-36317 https://nvd.nist.gov/vuln/detail/CVE-2020-36317 Mariner cve@mitre.org Yes CVE-2020-36317 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 rust 12137 rust-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 rust 12138 rust-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-36323 https://nvd.nist.gov/vuln/detail/CVE-2020-36323 Mariner cve@mitre.org Yes CVE-2020-36323 12137 12138 12137 12138 12137 12138 DOS:N/A 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 12137 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 12138 rust 12137 rust-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 rust 12138 rust-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-28876 https://nvd.nist.gov/vuln/detail/CVE-2021-28876 Mariner cve@mitre.org Yes CVE-2021-28876 12137 12138 12137 12138 12137 12138 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12138 rust 12137 rust-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 rust 12138 rust-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-28877 https://nvd.nist.gov/vuln/detail/CVE-2021-28877 Mariner cve@mitre.org Yes CVE-2021-28877 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 rust 12137 rust-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 rust 12138 rust-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.47.0-3.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.47.0-3 1.0 2021-04-23T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2164 https://nvd.nist.gov/vuln/detail/CVE-2021-2164 Mariner secalert_us@oracle.com Yes CVE-2021-2164 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2170 https://nvd.nist.gov/vuln/detail/CVE-2021-2170 Mariner secalert_us@oracle.com Yes CVE-2021-2170 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2171 https://nvd.nist.gov/vuln/detail/CVE-2021-2171 Mariner secalert_us@oracle.com Yes CVE-2021-2171 12137 12138 12137 12138 12137 12138 DOS:N/A 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2174 https://nvd.nist.gov/vuln/detail/CVE-2021-2174 Mariner secalert_us@oracle.com Yes CVE-2021-2174 12137 12138 12137 12138 12137 12138 DOS:N/A 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2179 https://nvd.nist.gov/vuln/detail/CVE-2021-2179 Mariner secalert_us@oracle.com Yes CVE-2021-2179 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2194 https://nvd.nist.gov/vuln/detail/CVE-2021-2194 Mariner secalert_us@oracle.com Yes CVE-2021-2194 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2203 https://nvd.nist.gov/vuln/detail/CVE-2021-2203 Mariner secalert_us@oracle.com Yes CVE-2021-2203 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2208 https://nvd.nist.gov/vuln/detail/CVE-2021-2208 Mariner secalert_us@oracle.com Yes CVE-2021-2208 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2217 https://nvd.nist.gov/vuln/detail/CVE-2021-2217 Mariner secalert_us@oracle.com Yes CVE-2021-2217 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2232 https://nvd.nist.gov/vuln/detail/CVE-2021-2232 Mariner secalert_us@oracle.com Yes CVE-2021-2232 12137 12138 12137 12138 12137 12138 DOS:N/A 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 12137 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2278 https://nvd.nist.gov/vuln/detail/CVE-2021-2278 Mariner secalert_us@oracle.com Yes CVE-2021-2278 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2298 https://nvd.nist.gov/vuln/detail/CVE-2021-2298 Mariner secalert_us@oracle.com Yes CVE-2021-2298 12137 12138 12137 12138 12137 12138 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2305 https://nvd.nist.gov/vuln/detail/CVE-2021-2305 Mariner secalert_us@oracle.com Yes CVE-2021-2305 12137 12138 12137 12138 12137 12138 DOS:N/A 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2307 https://nvd.nist.gov/vuln/detail/CVE-2021-2307 Mariner secalert_us@oracle.com Yes CVE-2021-2307 12137 12138 12137 12138 12137 12138 DOS:N/A 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 12137 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-36318 https://nvd.nist.gov/vuln/detail/CVE-2020-36318 Mariner cve@mitre.org Yes CVE-2020-36318 12137 12138 12137 12138 12137 12138 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 rust 12137 rust-1.59.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.59.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.59.0-1 rust 12138 rust-1.59.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 rust-debuginfo-1.59.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.59.0-1 1.0 2021-04-24T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-2162 https://nvd.nist.gov/vuln/detail/CVE-2021-2162 Mariner secalert_us@oracle.com Yes CVE-2021-2162 12137 12138 12137 12138 12137 12138 DOS:N/A 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 12137 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 12138 mysql 12137 mysql-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 mysql 12138 mysql-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.26-1 1.0 2021-04-27T00:00:00 <p>Information published.</p> 1.1 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3506 https://nvd.nist.gov/vuln/detail/CVE-2021-3506 https://nvd.nist.gov/vuln/detail/CVE-2021-3506 https://nvd.nist.gov/vuln/detail/CVE-2021-3506 Mariner secalert@redhat.com Yes CVE-2021-3506 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12137 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12138 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 kernel 12137 kernel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12138 kernel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.60.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.60.1-1 kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.78.1-1 1.0 2021-04-29T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-20208 https://nvd.nist.gov/vuln/detail/CVE-2021-20208 https://nvd.nist.gov/vuln/detail/CVE-2021-20208 https://nvd.nist.gov/vuln/detail/CVE-2021-20208 Mariner secalert@redhat.com Yes CVE-2021-20208 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.1 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N 12137 6.1 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N 12138 6.1 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N 12139 6.1 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N 12140 cifs-utils 12137 cifs-utils-6.8-5.cm1.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.8-5.cm1.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.8-5.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-5 cifs-utils 12138 cifs-utils-6.8-5.cm1.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.8-5.cm1.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.8-5.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-5 cifs-utils 12139 cifs-utils-6.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 pam_cifscreds-6.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-6 cifs-utils 12140 cifs-utils-6.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 pam_cifscreds-6.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-6 1.0 2021-04-30T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added cifs-utils to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3713 https://nvd.nist.gov/vuln/detail/CVE-2021-3713 Mariner secalert@redhat.com Yes CVE-2021-3713 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.4 7.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12137 7.4 7.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12138 7.4 7.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12140 qemu-kvm 12137 qemu-kvm-4.2.0-36.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-36.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-36 qemu-kvm 12138 qemu-kvm-4.2.0-36.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-36.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-36 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3930 https://nvd.nist.gov/vuln/detail/CVE-2021-3930 Mariner secalert@redhat.com Yes CVE-2021-3930 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12138 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12140 qemu-kvm 12137 qemu-kvm-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 qemu-kvm 12138 qemu-kvm-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3638 https://nvd.nist.gov/vuln/detail/CVE-2021-3638 Mariner secalert@redhat.com Yes CVE-2021-3638 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12138 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12140 qemu-kvm 12137 qemu-kvm-4.2.0-39.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-39.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-39 qemu-kvm 12138 qemu-kvm-4.2.0-39.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-39.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-39 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-20257 https://nvd.nist.gov/vuln/detail/CVE-2021-20257 Mariner secalert@redhat.com Yes CVE-2021-20257 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12138 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 12140 qemu-kvm 12137 qemu-kvm-4.2.0-39.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-39.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-39 qemu-kvm 12138 qemu-kvm-4.2.0-39.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-39.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-39 1.0 2023-03-10T00:00:00 <p>Information published.</p> Mariner secalert@redhat.com Yes CVE-2022-1050 12139 12140 12139 12140 12139 12140 DOS:N/A 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 12140 1.0 2023-03-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-48339 https://nvd.nist.gov/vuln/detail/CVE-2022-48339 Mariner cve@mitre.org Yes CVE-2022-48339 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 emacs 12139 emacs-28.2-4.cm2.x86_64.rpm 0001-01-01T00:00:00 emacs-filesystem-28.2-4.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 28.2-4 emacs 12140 emacs-28.2-4.cm2.aarch64.rpm 0001-01-01T00:00:00 emacs-filesystem-28.2-4.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 28.2-4 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-03-22T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-45954 https://nvd.nist.gov/vuln/detail/CVE-2021-45954 Mariner cve@mitre.org Yes CVE-2021-45954 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 dnsmasq 12139 dnsmasq-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 dnsmasq 12140 dnsmasq-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-1 1.0 2022-03-16T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 Mariner security-advisories@github.com Yes CVE-2023-24807 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 nodejs 12139 nodejs-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12140 nodejs-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 Mariner cve-assignments@hackerone.com Yes CVE-2023-23920 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 4.2 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N 12139 4.2 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N 12140 4.2 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N 12137 4.2 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N 12138 nodejs 12139 nodejs-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12140 nodejs-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.19.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.19.1-1 nodejs 12137 nodejs-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.21.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.21.3-1 nodejs 12138 nodejs-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.21.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.21.3-1 1.0 2023-02-28T00:00:00 <p>Information published.</p> 1.1 2023-03-04T00:00:00 <p>Added nodejs to CBL-Mariner 1.0</p> 1.2 2023-03-25T00:00:00 <p>Information published.</p>