This report contains detail for the following vulnerabilities:
| CVE Issued by | Tag | CVE ID | CVE Title |
|---|---|---|---|
| Microsoft | GitHub | CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42237 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42083 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42078 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43853 | Unknown |
| cna@python.org | Mariner | CVE-2024-11168 | Unknown |
| security-advisories@github.com | Mariner | CVE-2023-26484 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46863 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-36481 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39291 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38588 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26933 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-41098 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42074 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39473 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42073 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39472 | Unknown |
| support@hackerone.com | Mariner | CVE-2023-46218 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21127 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21096 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21130 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21157 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21129 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21171 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-29018 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-45296 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-7006 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-43800 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-31081 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-43374 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-48949 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-47764 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38381 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-26458 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-43799 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-6277 | Unknown |
| cna@python.org | Mariner | CVE-2024-8088 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-49761 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-31083 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-44974 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-31080 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42297 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42246 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43892 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42228 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43905 | Unknown |
| f5sirt@f5.com | Mariner | CVE-2024-7347 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43897 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43829 | Unknown |
| security@google.com | Mariner | CVE-2022-1055 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-52340 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-2253 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-3727 | Unknown |
| cve@kernel.org | Mariner | CVE-2024-27397 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26900 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2022-48841 | Unknown |
| cve@kernel.org | Mariner | CVE-2024-26953 | Unknown |
| security-officer@isc.org | Mariner | CVE-2023-4408 | Unknown |
| secalert@redhat.com | Mariner | CVE-2022-3854 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-31449 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-31082 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-28180 | Unknown |
| security@golang.org | Mariner | CVE-2022-41717 | Unknown |
| cve@mitre.org | Mariner | CVE-2021-28361 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-25620 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2024-2881 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40548 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2024-5814 | Unknown |
| secalert@redhat.com | Mariner | CVE-2012-2677 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-42366 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2024-1543 | Unknown |
| secure@intel.com | Mariner | CVE-2019-14584 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-32610 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2024-1545 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2023-6935 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21239 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21241 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-50495 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2023-6936 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-50228 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-25431 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40549 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40551 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-49767 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40546 | Unknown |
| cve@kernel.org | Mariner | CVE-2024-27418 | Unknown |
| security@php.net | Mariner | CVE-2024-11233 | Unknown |
| security@apache.org | Mariner | CVE-2024-47554 | Unknown |
| security@php.net | Mariner | CVE-2024-11234 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-9355 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31852 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2024-5288 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2023-6937 | Unknown |
| psirt@nvidia.com | Mariner | CVE-2024-0134 | Unknown |
| security@ubuntu.com | Mariner | CVE-2022-28737 | Unknown |
| security@ubuntu.com | Mariner | CVE-2022-4968 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2024-5991 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21237 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21236 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21218 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21230 | Unknown |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-7264 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26908 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21231 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21247 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21193 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21207 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21160 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21173 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21212 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21213 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21199 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21201 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21163 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21194 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21162 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21165 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21238 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21197 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21203 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21196 | Unknown |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-2004 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-20996 | Unknown |
| support@hackerone.com | Mariner | CVE-2023-46219 | Unknown |
| cve-coordination@google.com | Mariner | CVE-2022-1941 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21142 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21159 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21134 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21125 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-52890 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-24806 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21135 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21166 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21219 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39474 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-43884 | Unknown |
| secalert_us@oracle.com | Mariner | CVE-2024-21198 | Unknown |
| security@php.net | Mariner | CVE-2024-8932 | Unknown |
| security@php.net | Mariner | CVE-2024-8929 | Unknown |
| security@php.net | Mariner | CVE-2024-11236 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40550 | Unknown |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | Mariner | CVE-2024-2398 | Unknown |
| facts@wolfssl.com | Mariner | CVE-2024-1544 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-30205 | Unknown |
| security@google.com | Mariner | CVE-2022-3474 | Unknown |
| openssl-security@openssl.org | Mariner | CVE-2024-6119 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-33876 | Unknown |
| secalert@redhat.com | Mariner | CVE-2021-20277 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42072 | Unknown |
| security@golang.org | Mariner | CVE-2023-45288 | Unknown |
| cve@mitre.org | Mariner | CVE-2007-4559 | Unknown |
| security-officer@isc.org | Mariner | CVE-2023-5517 | Unknown |
| security@apache.org | Mariner | CVE-2024-38473 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26913 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-45590 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-36477 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42075 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-44946 | Unknown |
| security@golang.org | Mariner | CVE-2022-32149 | Unknown |
| secalert@redhat.com | Mariner | CVE-2021-3847 | Unknown |
| security@apache.org | Mariner | CVE-2024-39884 | Unknown |
| cve@mitre.org | Mariner | CVE-2023-31084 | Unknown |
| security@apache.org | Mariner | CVE-2024-38472 | Unknown |
| glibc-cna@sourceware.org | Mariner | CVE-2024-33602 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-29166 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2022-48788 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38664 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39485 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-42071 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-39483 | Unknown |
| security@apache.org | Mariner | CVE-2024-36387 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26978 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-38577 | Unknown |
| security-officer@isc.org | Mariner | CVE-2023-5679 | Unknown |
| secalert@redhat.com | Mariner | CVE-2022-3650 | Unknown |
| security@golang.org | Mariner | CVE-2024-24786 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-1393 | Unknown |
| security@hashicorp.com | Mariner | CVE-2024-6104 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27840 | Unknown |
| secalert@redhat.com | Mariner | CVE-2022-32746 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31950 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-44070 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-31951 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-27913 | Unknown |
| security@golang.org | Mariner | CVE-2023-3978 | Unknown |
| cve@mitre.org | Mariner | CVE-2021-43565 | Unknown |
| cve-assign@fb.com | Mariner | CVE-2021-24032 | Unknown |
| Microsoft | Microsoft Defender for Endpoint | CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-12053 | Chromium: CVE-2024-12053 Type Confusion in V8 |
| Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft | Microsoft Office | ADV240002 | Microsoft Office Defense in Depth Update |
| Microsoft | Microsoft Office | CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Office | CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Office Access | CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Publisher | CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Word | CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft | Role: DNS Server | CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability |
| Microsoft | Role: Windows Hyper-V | CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability |
| Microsoft | System Center Operations Manager | CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability |
| Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Common Log File System Driver | CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Common Log File System Driver | CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Common Log File System Driver | CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows File Explorer | CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability |
| Microsoft | Windows IP Routing Management Snapin | CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| Microsoft | Windows Kernel | CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft | Windows Kernel-Mode Drivers | CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
| Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| Microsoft | Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Microsoft | Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Mobile Broadband | CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Mobile Broadband | CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Mobile Broadband | CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Mobile Broadband | CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Mobile Broadband | CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability |
| Microsoft | Windows Mobile Broadband | CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows Mobile Broadband | CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows PrintWorkflowUserSvc | CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Microsoft | Windows PrintWorkflowUserSvc | CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Microsoft | Windows Remote Desktop | CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Resilient File System (ReFS) | CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Microsoft | Windows Task Scheduler | CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability |
| Microsoft | Windows Virtualization-Based Security (VBS) Enclave | CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| Microsoft | Windows Wireless Wide Area Network Service | CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| Microsoft | WmsRepair Service | CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43594
MITRE NVD Issuing CNA: Microsoft |
CVE Title: System Center Operations Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation requires the victim to install an affected version of the product which would trigger the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43594 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| System Center Operations Manager (SCOM) 2019 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.19.10652.0 | Maybe | None |
| System Center Operations Manager (SCOM) 2022 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.22.10684.0 | Maybe | None |
| System Center Operations Manager (SCOM) 2025 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.25.10132.0 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43594 | R4nger & Zhiniang Peng |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49057
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Defender for Endpoint on Android Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user must install and use a specially-crafted malicious application on their Android device. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49057 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Defender for Endpoint for Android | Release Notes (Security Update) | Important | Spoofing | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
1.0.7128.0101 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-49057 | Dimitrios Valsamaras with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49059
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49059 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 4475587 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1004 | Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 4475587 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1004 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-49059 | Sandro Poppi |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49064
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49064 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) 5002544 (Security Update) |
Important | Information Disclosure | 5002654 5002501 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002657 (Security Update) 5002664 (Security Update) |
Important | Information Disclosure | 5002650 5002422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes Maybe |
None |
| Microsoft SharePoint Server Subscription Edition | 5002658 (Security Update) | Important | Information Disclosure | 5002651 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.17928.20290 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49064 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49068
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:7.1
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and some loss of integrity (I:L) and no loss of availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49068 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) 5002544 (Security Update) |
Important | Elevation of Privilege | 5002654 5002501 |
Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002657 (Security Update) 5002664 (Security Update) |
Important | Elevation of Privilege | 5002650 5002422 |
Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes Maybe |
None |
| Microsoft SharePoint Server Subscription Edition | 5002658 (Security Update) | Important | Elevation of Privilege | 5002651 | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.17928.20290 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49068 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49069
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. How could an attacker exploit this vulnerability? An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into opening malicious files. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49069 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Excel 2016 (32-bit edition) | 5002660 (Security Update) | Important | Remote Code Execution | 5002653 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1002 | Maybe | None |
| Microsoft Excel 2016 (64-bit edition) | 5002660 (Security Update) | Important | Remote Code Execution | 5002653 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1002 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.92.24120731 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.92.24120731 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49069 | boolgombear Jmini |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49070
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:6.4
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49070 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) 5002544 (Security Update) |
Important | Remote Code Execution | 5002654 5002501 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002657 (Security Update) 5002664 (Security Update) |
Important | Remote Code Execution | 5002650 5002422 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes Maybe |
None |
| Microsoft SharePoint Server Subscription Edition | 5002658 (Security Update) | Important | Remote Code Execution | 5002651 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20290 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49070 | zcgonvh |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49073
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49073 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49073 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49074
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49074 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| CVE ID | Acknowledgements |
| CVE-2024-49074 | diversenok |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49084
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49084 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49084 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49085
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49085 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49085 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49086
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49086 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49086 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49087
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.0
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49087 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Information Disclosure | 5046618 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49087 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49089
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users. Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49089 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49089 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49091
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Domain Name Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49091 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49091 | luckyu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49092
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49092 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49092 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49093
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49093 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49093 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49094
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49094 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49094 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49096
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49096 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Denial of Service | 5046618 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49096 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49097
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49097 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49097 | Jongseong Kim (nevul37) with Ajou University Hyeongseok Jang (rotiple) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49098
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49098 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Information Disclosure | 5046618 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49098 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49099
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49099 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Information Disclosure | 5046618 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49099 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49101
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49101 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49101 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49102
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49102 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49102 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49103
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49103 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Information Disclosure | 5046618 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49103 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49104
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49104 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49104 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49106
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49106 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49106 | k0shl with Kunlun Lab VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49107
MITRE NVD Issuing CNA: Microsoft |
CVE Title: WmsRepair Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would be able to delete any system files. According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker must send the user a malicious file and convince the user to open it. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49107 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2016 | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49107 | BochengXiang(@Crispr) with FDU Minghao Lin |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49108
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49108 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49108 | VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49111
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs physical access to the victim's machine. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49111 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49111 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49115
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49115 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49115 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49117
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How would an attacker exploit this vulnerability? This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49117 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49117 | Agustin Toribio Moreno with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49119
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49119 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49119 | VictorV(Tang tianwen) with Kunlun Lab SmallerDragon |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49120
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49120 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49120 | VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49121
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49121 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Denial of Service | 5046618 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49121 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49122
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49122 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49122 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49123
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49123 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49123 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49124
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49124 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49124 | Wei in Kunlun Lab with Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49125
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49125 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49125 | Nirmala Nawale with Microsoft Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49126
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, the attack vector is network (AV:N), privilege required is none (PR:N), and user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution and attempt to trigger malicious code in the context of the server's account through a network call. The attacker needs no privileges nor does the user need to perform any action. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49126 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49126 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49129
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? An unauthenticated attacker could exploit the vulnerability by connecting to a Remote Desktop server and then sending a malicious http request to the server. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49129 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Denial of Service | 5046618 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49129 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49132
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49132 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49132 | Jose Polo Bolano with Microsoft VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49142
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into opening malicious files. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49142 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Access 2016 (32-bit edition) | 5002641 (Security Update) | Important | Remote Code Execution | 4504711 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1004 | Maybe | None |
| Microsoft Access 2016 (64-bit edition) | 5002641 (Security Update) | Important | Remote Code Execution | 4504711 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1004 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-49142 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2024-12053
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2024-12053 Type Confusion in V8
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 06-Dec-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-12053 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
131.0.2903.86 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-12053 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| ADV240002
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Defense in Depth Update
CVSS: None Executive Summary: Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Moderate | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| ADV240002 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Project 2016 (32-bit edition) | 5002652 (Security Update) | Moderate | Defense in Depth | 5002561 | Base: N/A Temporal: N/A Vector: N/A |
16.0.5478.1000 | Maybe | None |
| Microsoft Project 2016 (64-bit edition) | 5002652 (Security Update) | Moderate | Defense in Depth | 5002561 | Base: N/A Temporal: N/A Vector: N/A |
16.0.5478.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| ADV240002 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43600
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43600 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Office 2016 (32-bit edition) | 5002661 (Security Update) 2920716 (Security Update) 4475587 (Security Update) |
Important | Elevation of Privilege | 5002642 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1000 16.0.5478.1004 |
Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 5002661 (Security Update) 2920716 (Security Update) 4475587 (Security Update) |
Important | Elevation of Privilege | 5002642 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5478.1000 16.0.5478.1004 |
Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-43600 | @sim0nsecurity |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49062
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49062 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) 5002544 (Security Update) |
Important | Information Disclosure | 5002654 5002501 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002657 (Security Update) 5002664 (Security Update) |
Important | Information Disclosure | 5002650 5002422 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes Maybe |
None |
| Microsoft SharePoint Server Subscription Edition | 5002658 (Security Update) | Important | Information Disclosure | 5002651 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.0.17928.20290 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49062 | Markus Wulftange with CODE WHITE GmbH |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49063
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft/Muzic Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.4/TemporalScore:7.3
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. How could an attacker exploit the vulnerability? An attacker could craft a malicious payload that executes arbitrary code upon deserialization. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49063 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft/Muzic | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
196.0 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-49063 | CyFrA |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49065
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), or integrity (I:N), but has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability cannot access or modify any sensitive user data but can cause user data to become unavailable. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Is the Attachment Preview Pane an attack vector for this vulnerability? Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49065 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.92.24120731 | Maybe | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.92.24120731 | Maybe | None |
| Microsoft SharePoint Enterprise Server 2016 | 5002659 (Security Update) | Important | Remote Code Execution | 5002654 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002657 (Security Update) | Important | Remote Code Execution | 5002650 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.0.10416.20026 | Yes | None |
| Microsoft Word 2016 (32-bit edition) | 5002661 (Security Update) | Important | Remote Code Execution | 5002642 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
| Microsoft Word 2016 (64-bit edition) | 5002661 (Security Update) | Important | Remote Code Execution | 5002642 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
16.0.5478.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-49065 | Quan Jin with DBAPPSecurity WeBin Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49072
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Task Scheduler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49072 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49072 | Florian Schweins |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49075
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49075 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Denial of Service | 5046618 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49075 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49076
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges would an attacker gain by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could load a non-Microsoft DLL into an enclave, potentially leading to code execution within the context of the target enclave. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49076 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49076 | Alex Ionescu, working for Winsider Seminars & Solutions, Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49077
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49077 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49077 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49078
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49078 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49078 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49079
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Input Method Editor (IME) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49079 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49079 | CHEN QINGYANG with Topsec Alpha Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49080
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49080 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Remote Code Execution | 5046665 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Remote Code Execution | 5046613 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Remote Code Execution | 5046633 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Remote Code Execution | 5046617 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Remote Code Execution | 5046661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Remote Code Execution | 5046687 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Remote Code Execution | 5046697 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Remote Code Execution | 5046682 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Remote Code Execution | 5046612 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Remote Code Execution | 5046615 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5046616 5046698 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Remote Code Execution | 5046618 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49080 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49081
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49081 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49081 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49082
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows File Explorer Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of the user's folders and personal data. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability requires the victim to perform a specific file management operation to trigger the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49082 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Information Disclosure | 5046665 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Information Disclosure | 5046665 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Information Disclosure | 5046612 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Information Disclosure | 5046612 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Information Disclosure | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Information Disclosure | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Information Disclosure | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Information Disclosure | 5046661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Information Disclosure | 5046661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Information Disclosure | 5046661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Information Disclosure | 5046661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Information Disclosure | 5046687 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Information Disclosure | 5046687 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Information Disclosure | 5046697 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Information Disclosure | 5046697 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Information Disclosure | 5046682 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Information Disclosure | 5046682 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Information Disclosure | 5046612 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Information Disclosure | 5046612 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Information Disclosure | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5046616 5046698 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Information Disclosure | 5046616 5046698 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Information Disclosure | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Information Disclosure | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49082 | st4nly0n working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49083
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49083 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49083 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49088
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49088 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048667 (Security Update) 5048794 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2605 10.0.26100.2528 |
Yes No |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048667 (Security Update) 5048794 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2605 10.0.26100.2528 |
Yes No |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49088 | dkdfcd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49090
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49090 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49090 | luckyu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49095
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49095 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49095 | Jongseong Kim (nevul37) with Ajou University Hyeongseok Jang (rotiple) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49109
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49109 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49109 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49110
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49110 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49110 | Adel from MSRC V&M |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49112
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service. Mitigations: Is there any action a customer can take to protect against this vulnerability if they are unable to apply the update? Ensure that domain controllers are configured either to not access the internet or to not allow inbound RPC from untrusted networks. While either mitigation will protect your system from this vulnerability, we recommend applying both configurations to provide an effective defense-in-depth against this vulnerability. Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49112 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49112 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49113
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49113 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Denial of Service | 5046665 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Denial of Service | 5046613 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Denial of Service | 5046633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Denial of Service | 5046617 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Denial of Service | 5046661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Denial of Service | 5046687 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Denial of Service | 5046697 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Denial of Service | 5046682 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Denial of Service | 5046612 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Denial of Service | 5046615 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5046616 5046698 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Denial of Service | 5046618 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49113 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49114
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49114 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048667 (Security Update) 5048794 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2605 10.0.26100.2528 |
Yes No |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048667 (Security Update) 5048794 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2605 10.0.26100.2528 |
Yes No |
5048667 |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49114 | Mateusz Jurczyk with Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49116
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49116 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49116 | VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49118
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition during the execution of a specific operation that recurs in a low frequency on the target system. This might require an attacker to invest a significant amount of time to exploit the vulnerability if the race condition is not won. How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49118 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49118 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49127
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49127 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Critical | Remote Code Execution | 5046665 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Critical | Remote Code Execution | 5046613 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Critical | Remote Code Execution | 5046633 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Critical | Remote Code Execution | 5046617 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Critical | Remote Code Execution | 5046661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Critical | Remote Code Execution | 5046687 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49127 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49128
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49128 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Critical | Remote Code Execution | 5046697 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Critical | Remote Code Execution | 5046682 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Critical | Remote Code Execution | 5046612 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Critical | Remote Code Execution | 5046615 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Critical | Remote Code Execution | 5046616 5046698 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Critical | Remote Code Execution | 5046618 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49128 | VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49138
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 10-Dec-24 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49138 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 for x64-based Systems | 5048703 (Security Update) | Important | Elevation of Privilege | 5046665 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20857 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 1809 for x64-based Systems | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows 10 Version 21H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5247 | Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5048652 (Security Update) | Important | Elevation of Privilege | 5046613 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5247 | Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 22H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 23H2 for x64-based Systems | 5048685 (Security Update) | Important | Elevation of Privilege | 5046633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4602 |
Yes | 5048685 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows 11 Version 24H2 for x64-based Systems | 5048794 (SecurityHotpatchUpdate) 5048667 (Security Update) |
Important | Elevation of Privilege | 5046617 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2605 |
No Yes |
5048667 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5048710 (Monthly Rollup) 5048744 (Security Only) |
Important | Elevation of Privilege | 5046661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23016 |
Yes | 5048710 5048744 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5048695 (Monthly Rollup) 5048676 (Security Only) |
Important | Elevation of Privilege | 5046687 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27467 | Yes | None |
| Windows Server 2012 | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5048699 (Monthly Rollup) | Important | Elevation of Privilege | 5046697 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25222 | Yes | None |
| Windows Server 2012 R2 | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5048735 (Monthly Rollup) | Important | Elevation of Privilege | 5046682 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22318 | Yes | None |
| Windows Server 2016 | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5048671 (Security Update) | Important | Elevation of Privilege | 5046612 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7606 | Yes | None |
| Windows Server 2019 | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2019 (Server Core installation) | 5048661 (Security Update) | Important | Elevation of Privilege | 5046615 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6659 |
Yes | 5048661 |
| Windows Server 2022 | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022 (Server Core installation) | 5048654 (Security Update) 5048800 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5046616 5046698 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2966 10.0.20348.2908 |
Yes | 5048654 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5048653 (Security Update) | Important | Elevation of Privilege | 5046618 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1308 | Yes | None |
| Windows Server 2025 | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| Windows Server 2025 (Server Core installation) | 5048794 (SecurityHotpatchUpdate) 5048794 (Security Hotpatch Update) |
Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2528 10.0.26100.2520 |
No | None | |
| CVE ID | Acknowledgements |
| CVE-2024-49138 | Advanced Research Team with CrowdStrike |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
| CVE-2024-49041
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0 05-Dec-24 Information published. |
Moderate | Spoofing | ||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49041 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Spoofing | None | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C |
131.0.2903.86 | No | None |
| CVE ID | Acknowledgements |
| CVE-2024-49041 | Haifei Li with Check Point Research Peter Girnus of Trend Micro Zero Day Initiative Sazzad Mahmud Tomal |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-45288
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Apr-24 Information published. 1.0 20-Apr-24 Information published. 1.0 30-Jun-24 Information published. 1.0 02-Jul-24 Information published. 1.0 12-Jul-24 Information published. 1.0 07-Aug-24 Information published. 1.0 08-Aug-24 Information published. 1.0 09-Aug-24 Information published. 1.0 10-Aug-24 Information published. 1.0 11-Aug-24 Information published. 1.0 12-Aug-24 Information published. 1.0 15-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 17-Aug-24 Information published. 1.0 18-Aug-24 Information published. 1.0 19-Aug-24 Information published. 1.0 20-Aug-24 Information published. 1.0 21-Aug-24 Information published. 1.0 22-Aug-24 Information published. 1.0 23-Aug-24 Information published. 1.0 24-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 14-Sep-24 Information published. 1.0 15-Sep-24 Information published. 1.0 16-Sep-24 Information published. 1.0 17-Sep-24 Information published. 1.0 18-Sep-24 Information published. 1.0 19-Sep-24 Information published. 1.0 20-Sep-24 Information published. 1.0 21-Sep-24 Information published. 1.0 22-Sep-24 Information published. 1.0 23-Sep-24 Information published. 1.0 24-Sep-24 Information published. 1.0 25-Sep-24 Information published. 1.0 26-Sep-24 Information published. 1.0 27-Sep-24 Information published. 1.0 28-Sep-24 Information published. 1.0 29-Sep-24 Information published. 1.0 30-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 02-Oct-24 Information published. 1.0 03-Oct-24 Information published. 1.0 04-Oct-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 10-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 1.0 13-Oct-24 Information published. 1.0 14-Oct-24 Information published. 2.0 15-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 3.0 16-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 4.0 17-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 5.0 18-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 6.0 19-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.0 20-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.0 21-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.0 22-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.0 23-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.0 24-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.0 25-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.0 26-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.0 27-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 15.0 28-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 16.0 29-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 17.0 30-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 18.0 31-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 19.0 01-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 20.0 02-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 21.0 04-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 22.0 05-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 23.0 06-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 24.0 07-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 25.0 08-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 26.0 09-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 27.0 10-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 28.0 11-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 29.0 12-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 30.0 13-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 31.0 14-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 32.0 15-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 33.0 16-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 34.0 17-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 35.0 18-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 36.0 19-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 37.0 20-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 38.0 21-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 39.0 23-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 40.0 24-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 41.0 25-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 42.0 26-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 43.0 27-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 44.0 28-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 45.0 29-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 46.0 30-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 47.0 01-Dec-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 48.0 02-Dec-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 49.0 03-Dec-24 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 50.0 04-Dec-24 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added nmi to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 51.0 05-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 52.0 07-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 53.0 08-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 54.0 09-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 55.0 10-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-45288 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.3.0-1 1.12.12-1 1.11.1-2 |
None | ||
| Azure Linux 3.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.3.0-1 1.12.12-1 1.11.1-2 |
None | ||
| CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.1.2-3 1.11.2-9 1.11.1-8 |
None | ||
| CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.1.2-3 1.11.2-9 1.11.1-8 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-45288 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2007-4559
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 25-Sep-20 Information published. 2.0 16-Dec-21 Added python3 to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 08-Jul-24 Information published. 1.0 09-Jul-24 Information published. 1.0 10-Jul-24 Information published. 1.0 12-Jul-24 Information published. 1.0 13-Jul-24 Information published. 1.0 14-Jul-24 Information published. 1.0 15-Jul-24 Information published. 1.0 16-Jul-24 Information published. 1.0 17-Jul-24 Information published. 1.0 19-Jul-24 Information published. 1.0 20-Jul-24 Information published. 1.0 21-Jul-24 Information published. 1.0 22-Jul-24 Information published. 1.0 23-Jul-24 Information published. 1.0 24-Jul-24 Information published. 1.0 25-Jul-24 Information published. 1.0 26-Jul-24 Information published. 1.0 27-Jul-24 Information published. 1.0 28-Jul-24 Information published. 1.0 29-Jul-24 Information published. 1.0 02-Aug-24 Information published. 1.0 03-Aug-24 Information published. 1.0 04-Aug-24 Information published. 1.0 05-Aug-24 Information published. 1.0 06-Aug-24 Information published. 1.0 07-Aug-24 Information published. 1.0 08-Aug-24 Information published. 1.0 09-Aug-24 Information published. 1.0 10-Aug-24 Information published. 1.0 11-Aug-24 Information published. 1.0 12-Aug-24 Information published. 1.0 15-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 17-Aug-24 Information published. 1.0 18-Aug-24 Information published. 1.0 19-Aug-24 Information published. 1.0 20-Aug-24 Information published. 1.0 21-Aug-24 Information published. 1.0 22-Aug-24 Information published. 1.0 23-Aug-24 Information published. 1.0 24-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 12-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 14-Sep-24 Information published. 1.0 15-Sep-24 Information published. 1.0 16-Sep-24 Information published. 1.0 17-Sep-24 Information published. 1.0 18-Sep-24 Information published. 1.0 19-Sep-24 Information published. 1.0 20-Sep-24 Information published. 1.0 21-Sep-24 Information published. 1.0 22-Sep-24 Information published. 1.0 23-Sep-24 Information published. 1.0 24-Sep-24 Information published. 1.0 25-Sep-24 Information published. 1.0 26-Sep-24 Information published. 1.0 27-Sep-24 Information published. 1.0 28-Sep-24 Information published. 1.0 29-Sep-24 Information published. 1.0 30-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 02-Oct-24 Information published. 1.0 03-Oct-24 Information published. 1.0 04-Oct-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 08-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 10-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 1.0 13-Oct-24 Information published. 1.0 14-Oct-24 Information published. 3.0 15-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 4.0 16-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 5.0 17-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 6.0 18-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 7.0 19-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 8.0 20-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 9.0 21-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 10.0 22-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.0 23-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.0 24-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.0 25-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.0 26-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.0 27-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.0 28-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.0 29-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.0 30-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 19.0 31-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 20.0 01-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 21.0 02-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 22.0 04-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 23.0 05-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 24.0 06-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 25.0 07-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 26.0 08-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 27.0 09-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 28.0 10-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 29.0 11-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 30.0 12-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 31.0 13-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 32.0 14-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 33.0 15-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 34.0 16-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 35.0 17-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 36.0 18-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 37.0 19-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 38.0 20-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 39.0 21-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 40.0 23-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 41.0 24-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 42.0 25-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 43.0 26-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 44.0 27-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 45.0 28-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 46.0 29-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 47.0 30-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 48.0 01-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 49.0 02-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 50.0 03-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 51.0 04-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 52.0 05-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 53.0 07-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 54.0 08-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 55.0 09-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 56.0 10-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2007-4559 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
2.7.18-5 | Unknown | None |
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
2.7.18-5 | Unknown | None |
| CBL Mariner 2.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-1 | Unknown | None |
| CBL Mariner 2.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2007-4559 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2021-20277
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15-Oct-24 Information published. 2.0 16-Oct-24 Added samba to Azure Linux 3.0 3.0 17-Oct-24 Added samba to Azure Linux 3.0 4.0 18-Oct-24 Added samba to Azure Linux 3.0 5.0 19-Oct-24 Added samba to Azure Linux 3.0 6.0 20-Oct-24 Added samba to Azure Linux 3.0 7.0 21-Oct-24 Added samba to Azure Linux 3.0 8.0 22-Oct-24 Added samba to Azure Linux 3.0 9.0 23-Oct-24 Added samba to Azure Linux 3.0 10.0 24-Oct-24 Added samba to Azure Linux 3.0 11.0 25-Oct-24 Added samba to Azure Linux 3.0 12.0 26-Oct-24 Added samba to Azure Linux 3.0 13.0 27-Oct-24 Added samba to Azure Linux 3.0 14.0 28-Oct-24 Added samba to Azure Linux 3.0 15.0 29-Oct-24 Added samba to Azure Linux 3.0 16.0 30-Oct-24 Added samba to Azure Linux 3.0 17.0 31-Oct-24 Added samba to Azure Linux 3.0 18.0 01-Nov-24 Added samba to Azure Linux 3.0 19.0 02-Nov-24 Added samba to Azure Linux 3.0 20.0 04-Nov-24 Added samba to Azure Linux 3.0 21.0 05-Nov-24 Added samba to Azure Linux 3.0 22.0 06-Nov-24 Added samba to Azure Linux 3.0 23.0 07-Nov-24 Added samba to Azure Linux 3.0 24.0 08-Nov-24 Added samba to Azure Linux 3.0 25.0 09-Nov-24 Added samba to Azure Linux 3.0 26.0 10-Nov-24 Added samba to Azure Linux 3.0 27.0 11-Nov-24 Added samba to Azure Linux 3.0 28.0 12-Nov-24 Added samba to Azure Linux 3.0 29.0 13-Nov-24 Added samba to Azure Linux 3.0 30.0 14-Nov-24 Added samba to Azure Linux 3.0 31.0 15-Nov-24 Added samba to Azure Linux 3.0 32.0 16-Nov-24 Added samba to Azure Linux 3.0 33.0 17-Nov-24 Added samba to Azure Linux 3.0 34.0 18-Nov-24 Added samba to Azure Linux 3.0 35.0 19-Nov-24 Added samba to Azure Linux 3.0 36.0 20-Nov-24 Added samba to Azure Linux 3.0 37.0 21-Nov-24 Added samba to Azure Linux 3.0 38.0 23-Nov-24 Added samba to Azure Linux 3.0 39.0 24-Nov-24 Added samba to Azure Linux 3.0 40.0 25-Nov-24 Added samba to Azure Linux 3.0 41.0 26-Nov-24 Added samba to Azure Linux 3.0 42.0 27-Nov-24 Added samba to Azure Linux 3.0 43.0 28-Nov-24 Added samba to Azure Linux 3.0 44.0 29-Nov-24 Added samba to Azure Linux 3.0 45.0 30-Nov-24 Added samba to Azure Linux 3.0 46.0 01-Dec-24 Added samba to Azure Linux 3.0 47.0 02-Dec-24 Added samba to Azure Linux 3.0 48.0 03-Dec-24 Added samba to Azure Linux 3.0 49.0 04-Dec-24 Added samba to Azure Linux 3.0 50.0 05-Dec-24 Added samba to Azure Linux 3.0 51.0 07-Dec-24 Added samba to Azure Linux 3.0 52.0 08-Dec-24 Added samba to Azure Linux 3.0 53.0 09-Dec-24 Added samba to Azure Linux 3.0 54.0 10-Dec-24 Added samba to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-20277 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2021-20277 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-3474
MITRE NVD Issuing CNA: security@google.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:4.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 29-Oct-22 Information published. 2.0 03-Dec-24 Added bazel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-3474 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | bazel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
5.3.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | bazel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
5.3.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-3474 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-6119
MITRE NVD Issuing CNA: openssl-security@openssl.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 25-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added edk2 to Azure Linux 3.0 Added openssl to Azure Linux 3.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 3.0 28-Nov-24 Added hvloader to CBL-Mariner 2.0 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added edk2 to Azure Linux 3.0 Added openssl to Azure Linux 3.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 4.0 03-Dec-24 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added hvloader to CBL-Mariner 2.0 Added edk2 to Azure Linux 3.0 Added openssl to Azure Linux 3.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6119 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) edk2 (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
38.0.72.2-2 20240524git3e722403cd16-3 3.3.2-1 |
None | ||
| Azure Linux 3.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) edk2 (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
38.0.72.2-2 20240524git3e722403cd16-3 3.3.2-1 |
None | ||
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) hvloader (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
38.0.72.2-2 1.0.1-6 |
None | ||
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) hvloader (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
38.0.72.2-2 1.0.1-6 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-6119 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-33876
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-May-24 Information published. 1.0 30-Jun-24 Information published. 2.0 03-Dec-24 Added hdf5 to CBL-Mariner 2.0 Added hdf5 to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33876 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-33876 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-36477
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-36477 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-36477 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42075
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42075 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42075 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-44946
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 3.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 4.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-44946 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.51.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.51.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-44946 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-45590
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15-Oct-24 Information published. 2.0 16-Oct-24 Added reaper to CBL-Mariner 2.0 Added python-tensorboard to Azure Linux 3.0 3.0 25-Oct-24 Added reaper to CBL-Mariner 2.0 Added python-tensorboard to Azure Linux 3.0 4.0 03-Dec-24 Added reaper to CBL-Mariner 2.0 Added python-tensorboard to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-45590 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | python-tensorboard (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.16.2-5 | Unknown | None |
| Azure Linux 3.0 x64 | python-tensorboard (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.16.2-5 | Unknown | None |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.1.1-13 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.1.1-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-45590 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-5517
MITRE NVD Issuing CNA: security-officer@isc.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Feb-24 Information published. 1.0 30-Jun-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added bind to CBL-Mariner 2.0 Added bind to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-5517 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.19.21-1 | Unknown | None |
| Azure Linux 3.0 x64 | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.19.21-1 | Unknown | None |
| CBL Mariner 2.0 ARM | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.16.48-1 | Unknown | None |
| CBL Mariner 2.0 x64 | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.16.48-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-5517 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38473
MITRE NVD Issuing CNA: security@apache.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Jul-24 Information published. 1.0 15-Aug-24 Information published. 2.0 03-Dec-24 Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38473 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 8.1 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
2.4.61-1 | Unknown | None |
| Azure Linux 3.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 8.1 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 8.1 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 8.1 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38473 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-26913
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26913 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26913 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-39474
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39474 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39474 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43884
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 3.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 4.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43884 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.51.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.51.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43884 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21198
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21198 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21198 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21219
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21219 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21219 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-24806
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Feb-24 Information published. 2.0 15-Feb-24 Added libuv to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 05-Oct-24 Information published. 3.0 04-Dec-24 Added cmake to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added libuv to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added libuv to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-24806 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) libuv (CBL-Mariner) nodejs (CBL-Mariner) python-gevent (CBL-Mariner) |
Unknown | Unknown | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.28.2-6 1.48.0-1 20.14.0-1 23.9.1-3 |
None | ||
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) libuv (CBL-Mariner) nodejs (CBL-Mariner) python-gevent (CBL-Mariner) |
Unknown | Unknown | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.28.2-6 1.48.0-1 20.14.0-1 23.9.1-3 |
None | ||
| CBL Mariner 2.0 ARM | libuv (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
1.43.0-2 18.18.2-4 |
None | ||
| CBL Mariner 2.0 x64 | libuv (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
1.43.0-2 18.18.2-4 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-24806 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21135
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21135 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21135 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21166
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21166 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21166 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-2398
MITRE NVD Issuing CNA: 2499f714-1537-4658-8207-48ae4bb9eae9 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.6/TemporalScore:8.6
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 05-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 05-Oct-24 Information published. 2.0 23-Oct-24 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 3.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 4.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 5.0 28-Nov-24 Added cmake to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 6.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added cmake to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2398 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
3.30.3-2 8.8.0-1 8.0.40-1 |
None | ||
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
3.30.3-2 8.8.0-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 ARM | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
3.21.4-14 8.8.0-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 x64 | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
3.21.4-14 8.8.0-1 8.0.40-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-2398 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-1544
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.1/TemporalScore:4.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1544 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 4.1 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 4.1 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-1544 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-30205
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 2.0 07-Dec-24 Added emacs to CBL-Mariner 2.0 Added emacs to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-30205 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
29.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
29.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
29.3-1 | Unknown | None |
| CBL Mariner 2.0 x64 | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
29.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-30205 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-40550
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 5.0 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-40550 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-3 | None | ||
| Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-3 | None | ||
| CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-1 | None | ||
| CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-1 | None | ||
| CVE ID | Acknowledgements |
| CVE-2023-40550 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-8932
MITRE NVD Issuing CNA: security@php.net |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8932 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 9.8 Temporal: 9.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
8.1.31-1 | Unknown | None |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 9.8 Temporal: 9.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
8.1.31-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-8932 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-8929
MITRE NVD Issuing CNA: security@php.net |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.8/TemporalScore:5.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8929 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 5.8 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
8.1.31-1 | Unknown | None |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 5.8 Temporal: 5.8 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
8.1.31-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-8929 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-11236
MITRE NVD Issuing CNA: security@php.net |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-11236 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 9.8 Temporal: 9.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
8.1.31-1 | Unknown | None |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 9.8 Temporal: 9.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
8.1.31-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-11236 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-32149
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Nov-23 Information published. 2.0 24-Jan-24 Added sriov-network-device-plugin to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 19-Sep-24 Information published. 1.0 20-Sep-24 Information published. 1.0 21-Sep-24 Information published. 1.0 22-Sep-24 Information published. 1.0 23-Sep-24 Information published. 1.0 24-Sep-24 Information published. 1.0 25-Sep-24 Information published. 1.0 26-Sep-24 Information published. 1.0 27-Sep-24 Information published. 1.0 28-Sep-24 Information published. 1.0 29-Sep-24 Information published. 1.0 30-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 02-Oct-24 Information published. 1.0 03-Oct-24 Information published. 1.0 04-Oct-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 08-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 1.0 13-Oct-24 Information published. 1.0 14-Oct-24 Information published. 3.0 15-Oct-24 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 4.0 16-Oct-24 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.0 17-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.0 18-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.0 19-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.0 20-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.0 21-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.0 22-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.0 23-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.0 24-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.0 25-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 14.0 26-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 15.0 27-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 16.0 28-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 17.0 29-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 18.0 30-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 19.0 31-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 20.0 01-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 21.0 02-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 22.0 04-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 23.0 05-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 24.0 06-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 25.0 07-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 26.0 08-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 27.0 09-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 28.0 10-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 29.0 11-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 30.0 12-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 31.0 13-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 32.0 14-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 33.0 15-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 34.0 16-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 35.0 17-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 36.0 18-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 37.0 19-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 38.0 20-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 39.0 21-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 40.0 23-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 41.0 24-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 42.0 25-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 43.0 26-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 44.0 27-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 45.0 28-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 46.0 29-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 47.0 30-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 48.0 01-Dec-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 49.0 02-Dec-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 50.0 03-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 51.0 04-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 52.0 05-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 53.0 07-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 54.0 08-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 55.0 09-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 56.0 10-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-32149 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.1.2-3 2.14.0-1 1.2.0-1 4.0.2-1 |
None | ||
| Azure Linux 3.0 x64 | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.1.2-3 2.14.0-1 1.2.0-1 4.0.2-1 |
None | ||
| CBL Mariner 2.0 ARM | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4.0-22 8.4.0-21 1.55.0-20 2.13.0-22 |
None | ||
| CBL Mariner 2.0 x64 | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4.0-22 8.4.0-21 1.55.0-20 2.13.0-22 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2022-32149 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-6104
MITRE NVD Issuing CNA: security@hashicorp.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 05-Aug-24 Information published. 1.0 15-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 17-Aug-24 Information published. 1.0 18-Aug-24 Information published. 1.0 19-Aug-24 Information published. 1.0 20-Aug-24 Information published. 1.0 21-Aug-24 Information published. 1.0 22-Aug-24 Information published. 1.0 23-Aug-24 Information published. 1.0 24-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 14-Sep-24 Information published. 1.0 15-Sep-24 Information published. 1.0 16-Sep-24 Information published. 1.0 17-Sep-24 Information published. 1.0 18-Sep-24 Information published. 1.0 19-Sep-24 Information published. 1.0 20-Sep-24 Information published. 1.0 21-Sep-24 Information published. 1.0 22-Sep-24 Information published. 1.0 23-Sep-24 Information published. 1.0 24-Sep-24 Information published. 1.0 25-Sep-24 Information published. 1.0 26-Sep-24 Information published. 1.0 27-Sep-24 Information published. 1.0 28-Sep-24 Information published. 1.0 29-Sep-24 Information published. 1.0 30-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 02-Oct-24 Information published. 1.0 03-Oct-24 Information published. 1.0 04-Oct-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 08-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 1.0 13-Oct-24 Information published. 1.0 14-Oct-24 Information published. 2.0 15-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 3.0 16-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 4.0 17-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 5.0 18-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 6.0 19-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.0 20-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.0 21-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.0 22-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.0 23-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.0 24-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.0 25-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.0 26-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.0 27-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 15.0 28-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 16.0 29-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 17.0 30-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 18.0 31-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 19.0 01-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 20.0 02-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 21.0 04-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 22.0 05-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 23.0 06-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 24.0 07-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 25.0 08-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 26.0 09-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 27.0 10-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 28.0 11-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 29.0 12-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 30.0 13-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 31.0 14-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 32.0 15-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 33.0 16-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 34.0 17-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 35.0 18-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 36.0 19-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 37.0 20-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 38.0 21-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 39.0 23-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 40.0 24-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 41.0 25-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 42.0 26-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 43.0 27-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 44.0 28-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 45.0 29-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 46.0 30-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 47.0 01-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 48.0 02-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 49.0 03-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 50.0 04-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 51.0 05-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 52.0 07-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 53.0 08-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 54.0 09-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 55.0 10-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6104 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | libcontainers-common (CBL-Mariner) cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
20240213-2 1.12.12-3 2.7.3-5 2.14.0-2 |
None | ||
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) libcontainers-common (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.12.12-3 2.7.3-5 2.14.0-2 20240213-2 |
None | ||
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.11.2-12 2.6.1-15 2.4.0-22 1.9.5-2 |
None | ||
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.11.2-12 2.6.1-15 2.4.0-22 1.9.5-2 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-6104 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2020-27840
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15-Oct-24 Information published. 2.0 16-Oct-24 Added samba to Azure Linux 3.0 3.0 17-Oct-24 Added samba to Azure Linux 3.0 4.0 18-Oct-24 Added samba to Azure Linux 3.0 5.0 19-Oct-24 Added samba to Azure Linux 3.0 6.0 20-Oct-24 Added samba to Azure Linux 3.0 7.0 21-Oct-24 Added samba to Azure Linux 3.0 8.0 22-Oct-24 Added samba to Azure Linux 3.0 9.0 23-Oct-24 Added samba to Azure Linux 3.0 10.0 24-Oct-24 Added samba to Azure Linux 3.0 11.0 25-Oct-24 Added samba to Azure Linux 3.0 12.0 26-Oct-24 Added samba to Azure Linux 3.0 13.0 27-Oct-24 Added samba to Azure Linux 3.0 14.0 28-Oct-24 Added samba to Azure Linux 3.0 15.0 29-Oct-24 Added samba to Azure Linux 3.0 16.0 30-Oct-24 Added samba to Azure Linux 3.0 17.0 31-Oct-24 Added samba to Azure Linux 3.0 18.0 01-Nov-24 Added samba to Azure Linux 3.0 19.0 02-Nov-24 Added samba to Azure Linux 3.0 20.0 04-Nov-24 Added samba to Azure Linux 3.0 21.0 05-Nov-24 Added samba to Azure Linux 3.0 22.0 06-Nov-24 Added samba to Azure Linux 3.0 23.0 07-Nov-24 Added samba to Azure Linux 3.0 24.0 08-Nov-24 Added samba to Azure Linux 3.0 25.0 09-Nov-24 Added samba to Azure Linux 3.0 26.0 10-Nov-24 Added samba to Azure Linux 3.0 27.0 11-Nov-24 Added samba to Azure Linux 3.0 28.0 12-Nov-24 Added samba to Azure Linux 3.0 29.0 13-Nov-24 Added samba to Azure Linux 3.0 30.0 14-Nov-24 Added samba to Azure Linux 3.0 31.0 15-Nov-24 Added samba to Azure Linux 3.0 32.0 16-Nov-24 Added samba to Azure Linux 3.0 33.0 17-Nov-24 Added samba to Azure Linux 3.0 34.0 18-Nov-24 Added samba to Azure Linux 3.0 35.0 19-Nov-24 Added samba to Azure Linux 3.0 36.0 20-Nov-24 Added samba to Azure Linux 3.0 37.0 21-Nov-24 Added samba to Azure Linux 3.0 38.0 23-Nov-24 Added samba to Azure Linux 3.0 39.0 24-Nov-24 Added samba to Azure Linux 3.0 40.0 25-Nov-24 Added samba to Azure Linux 3.0 41.0 26-Nov-24 Added samba to Azure Linux 3.0 42.0 27-Nov-24 Added samba to Azure Linux 3.0 43.0 28-Nov-24 Added samba to Azure Linux 3.0 44.0 29-Nov-24 Added samba to Azure Linux 3.0 45.0 30-Nov-24 Added samba to Azure Linux 3.0 46.0 01-Dec-24 Added samba to Azure Linux 3.0 47.0 02-Dec-24 Added samba to Azure Linux 3.0 48.0 03-Dec-24 Added samba to Azure Linux 3.0 49.0 04-Dec-24 Added samba to Azure Linux 3.0 50.0 05-Dec-24 Added samba to Azure Linux 3.0 51.0 07-Dec-24 Added samba to Azure Linux 3.0 52.0 08-Dec-24 Added samba to Azure Linux 3.0 53.0 09-Dec-24 Added samba to Azure Linux 3.0 54.0 10-Dec-24 Added samba to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27840 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2020-27840 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-32746
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:5.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15-Oct-24 Information published. 2.0 16-Oct-24 Added samba to Azure Linux 3.0 3.0 17-Oct-24 Added samba to Azure Linux 3.0 4.0 18-Oct-24 Added samba to Azure Linux 3.0 5.0 19-Oct-24 Added samba to Azure Linux 3.0 6.0 20-Oct-24 Added samba to Azure Linux 3.0 7.0 21-Oct-24 Added samba to Azure Linux 3.0 8.0 22-Oct-24 Added samba to Azure Linux 3.0 9.0 23-Oct-24 Added samba to Azure Linux 3.0 10.0 24-Oct-24 Added samba to Azure Linux 3.0 11.0 25-Oct-24 Added samba to Azure Linux 3.0 12.0 26-Oct-24 Added samba to Azure Linux 3.0 13.0 27-Oct-24 Added samba to Azure Linux 3.0 14.0 28-Oct-24 Added samba to Azure Linux 3.0 15.0 29-Oct-24 Added samba to Azure Linux 3.0 16.0 30-Oct-24 Added samba to Azure Linux 3.0 17.0 31-Oct-24 Added samba to Azure Linux 3.0 18.0 01-Nov-24 Added samba to Azure Linux 3.0 19.0 02-Nov-24 Added samba to Azure Linux 3.0 20.0 04-Nov-24 Added samba to Azure Linux 3.0 21.0 05-Nov-24 Added samba to Azure Linux 3.0 22.0 06-Nov-24 Added samba to Azure Linux 3.0 23.0 07-Nov-24 Added samba to Azure Linux 3.0 24.0 08-Nov-24 Added samba to Azure Linux 3.0 25.0 09-Nov-24 Added samba to Azure Linux 3.0 26.0 10-Nov-24 Added samba to Azure Linux 3.0 27.0 11-Nov-24 Added samba to Azure Linux 3.0 28.0 12-Nov-24 Added samba to Azure Linux 3.0 29.0 13-Nov-24 Added samba to Azure Linux 3.0 30.0 14-Nov-24 Added samba to Azure Linux 3.0 31.0 15-Nov-24 Added samba to Azure Linux 3.0 32.0 16-Nov-24 Added samba to Azure Linux 3.0 33.0 17-Nov-24 Added samba to Azure Linux 3.0 34.0 18-Nov-24 Added samba to Azure Linux 3.0 35.0 19-Nov-24 Added samba to Azure Linux 3.0 36.0 20-Nov-24 Added samba to Azure Linux 3.0 37.0 21-Nov-24 Added samba to Azure Linux 3.0 38.0 23-Nov-24 Added samba to Azure Linux 3.0 39.0 24-Nov-24 Added samba to Azure Linux 3.0 40.0 25-Nov-24 Added samba to Azure Linux 3.0 41.0 26-Nov-24 Added samba to Azure Linux 3.0 42.0 27-Nov-24 Added samba to Azure Linux 3.0 43.0 28-Nov-24 Added samba to Azure Linux 3.0 44.0 29-Nov-24 Added samba to Azure Linux 3.0 45.0 30-Nov-24 Added samba to Azure Linux 3.0 46.0 01-Dec-24 Added samba to Azure Linux 3.0 47.0 02-Dec-24 Added samba to Azure Linux 3.0 48.0 03-Dec-24 Added samba to Azure Linux 3.0 49.0 04-Dec-24 Added samba to Azure Linux 3.0 50.0 05-Dec-24 Added samba to Azure Linux 3.0 51.0 07-Dec-24 Added samba to Azure Linux 3.0 52.0 08-Dec-24 Added samba to Azure Linux 3.0 53.0 09-Dec-24 Added samba to Azure Linux 3.0 54.0 10-Dec-24 Added samba to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-32746 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
4.18.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
4.18.3-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-32746 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-1393
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 03-Apr-23 Information published. 1.0 30-Jun-24 Information published. 1.0 11-Sep-24 Information published. 1.0 12-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 14-Sep-24 Information published. 1.0 15-Sep-24 Information published. 1.0 16-Sep-24 Information published. 1.0 17-Sep-24 Information published. 1.0 18-Sep-24 Information published. 1.0 19-Sep-24 Information published. 1.0 20-Sep-24 Information published. 1.0 21-Sep-24 Information published. 1.0 22-Sep-24 Information published. 1.0 23-Sep-24 Information published. 1.0 24-Sep-24 Information published. 1.0 25-Sep-24 Information published. 1.0 26-Sep-24 Information published. 1.0 27-Sep-24 Information published. 1.0 28-Sep-24 Information published. 1.0 29-Sep-24 Information published. 1.0 30-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 02-Oct-24 Information published. 1.0 03-Oct-24 Information published. 1.0 04-Oct-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 10-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 1.0 13-Oct-24 Information published. 1.0 14-Oct-24 Information published. 2.0 15-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 3.0 16-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 4.0 17-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.0 18-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.0 19-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.0 20-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.0 21-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.0 22-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.0 23-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.0 24-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.0 25-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 13.0 26-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 14.0 27-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 15.0 28-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 16.0 29-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 17.0 30-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 18.0 31-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 19.0 01-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 20.0 02-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 21.0 04-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 22.0 05-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 23.0 06-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 24.0 07-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 25.0 08-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 26.0 09-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 27.0 10-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 28.0 11-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 29.0 12-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 30.0 13-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 31.0 14-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 32.0 15-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 33.0 16-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 34.0 17-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 35.0 18-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 36.0 19-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 37.0 20-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 38.0 21-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 39.0 23-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 40.0 24-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 41.0 25-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 42.0 26-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 43.0 27-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 44.0 28-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 45.0 29-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 46.0 30-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 47.0 01-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 48.0 02-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 49.0 03-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 50.0 04-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 51.0 05-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 52.0 07-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 53.0 08-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 54.0 09-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 55.0 10-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-1393 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
| Azure Linux 3.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
| CBL Mariner 2.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
| CBL Mariner 2.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-1393 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-5679
MITRE NVD Issuing CNA: security-officer@isc.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Feb-24 Information published. 1.0 30-Jun-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added bind to CBL-Mariner 2.0 Added bind to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-5679 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.19.21-1 | Unknown | None |
| Azure Linux 3.0 x64 | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.19.21-1 | Unknown | None |
| CBL Mariner 2.0 ARM | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.16.48-1 | Unknown | None |
| CBL Mariner 2.0 x64 | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.16.48-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-5679 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-3650
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Apr-24 Information published. 1.0 30-Jun-24 Information published. 2.0 03-Dec-24 Added ceph to CBL-Mariner 2.0 Added ceph to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-3650 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
18.2.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
18.2.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
16.2.10-3 | Unknown | None |
| CBL Mariner 2.0 x64 | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
16.2.10-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-3650 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-24786
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Mar-24 Information published. 2.0 01-Apr-24 Added node-problem-detector to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 02-Jul-24 Information published. 1.0 10-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 12-Oct-24 Information published. 3.0 16-Oct-24 Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.0 01-Nov-24 Added kubernetes to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.0 08-Nov-24 Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 6.0 14-Nov-24 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.0 27-Nov-24 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.0 03-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.0 04-Dec-24 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.0 07-Dec-24 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-24786 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cf-cli (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 2.3.0-1 1.12.12-1 8.7.3-3 |
None | ||
| Azure Linux 3.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cf-cli (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 2.3.0-1 1.12.12-1 8.7.3-3 |
None | ||
| CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) cert-manager (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 1.11.2-14 3.2.0.azl2-1 |
None | ||
| CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) cert-manager (CBL-Mariner) kata-containers (CBL-Mariner) kata-containers-cc (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.24.0-1 1.11.2-14 3.2.0.azl2-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-24786 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-3978
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.1/TemporalScore:6.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Aug-23 Information published. 2.0 18-Jan-24 Added packer to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 10-Jul-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 12-Oct-24 Information published. 3.0 15-Oct-24 Added multus to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added cert-manager to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 4.0 01-Nov-24 Added cni-plugins to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 5.0 03-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added cni-plugins to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-3978 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cert-manager (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) prometheus-adapter (CBL-Mariner) |
Unknown | Unknown | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.12.12-1 1.2.0-1 4.0.2-2 0.12.0-1 |
None | ||
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) prometheus-adapter (CBL-Mariner) |
Unknown | Unknown | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.12.12-1 1.2.0-1 4.0.2-2 0.12.0-1 |
None | ||
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) cni-plugins (CBL-Mariner) multus (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.11.2-14 1.3.0-6 4.0.2-5 1.10.1-1 |
None | ||
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) cni-plugins (CBL-Mariner) multus (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.11.2-14 1.3.0-6 4.0.2-5 1.10.1-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-3978 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2021-43565
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Jul-24 Information published. 1.0 05-Aug-24 Information published. 1.0 18-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added cf-cli to CBL-Mariner 2.0 Added moby-buildx to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-43565 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | libcontainers-common (CBL-Mariner) cf-cli (CBL-Mariner) cri-o (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
20210626-5 8.4.0-18 1.22.3-5 2.13.0-19 |
None | ||
| CBL Mariner 2.0 x64 | cf-cli (CBL-Mariner) cri-o (CBL-Mariner) gh (CBL-Mariner) libcontainers-common (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.4.0-18 1.22.3-5 2.13.0-19 20210626-5 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2021-43565 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2021-24032
MITRE NVD Issuing CNA: cve-assign@fb.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jul-21 Information published. 2.0 08-Apr-24 Added ceph to CBL-Mariner 2.0 3.0 03-Dec-24 Added ceph to CBL-Mariner 2.0 Added zstd to CBL-Mariner 1.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-24032 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | zstd (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.4.9-1 | Unknown | None |
| CBL Mariner 1.0 x64 | zstd (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.4.9-1 | Unknown | None |
| CBL Mariner 2.0 ARM | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
16.2.10-3 | Unknown | None |
| CBL Mariner 2.0 x64 | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
16.2.10-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2021-24032 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27913
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added frr to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27913 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | frr (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
8.5.5-1 | Unknown | None |
| CBL Mariner 2.0 x64 | frr (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
8.5.5-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27913 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31950
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added frr to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31950 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
8.5.5-1 | Unknown | None |
| CBL Mariner 2.0 x64 | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
8.5.5-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31950 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-44070
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added frr to CBL-Mariner 2.0 Added frr to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-44070 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.1.1-2 | Unknown | None |
| Azure Linux 3.0 x64 | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.1.1-2 | Unknown | None |
| CBL Mariner 2.0 ARM | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.5.5-1 | Unknown | None |
| CBL Mariner 2.0 x64 | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.5.5-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-44070 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31951
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 05-Nov-24 Added frr to CBL-Mariner 2.0 3.0 03-Dec-24 Added frr to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31951 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.5.5-1 | Unknown | None |
| CBL Mariner 2.0 x64 | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.5.5-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31951 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-33602
MITRE NVD Issuing CNA: glibc-cna@sourceware.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:7.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-May-24 Information published. 1.0 12-Jul-24 Information published. 2.0 03-Dec-24 Added glibc to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33602 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.35-7 | Unknown | None |
| CBL Mariner 2.0 x64 | glibc (CBL-Mariner) | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.35-7 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-33602 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-29166
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-May-24 Information published. 1.0 30-Jun-24 Information published. 2.0 03-Dec-24 Added hdf5 to CBL-Mariner 2.0 Added hdf5 to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29166 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29166 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-48788
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-48788 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.32.1-3 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.32.1-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-48788 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38472
MITRE NVD Issuing CNA: security@apache.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Jul-24 Information published. 1.0 15-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38472 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| Azure Linux 3.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38472 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2021-3847
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-3847 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2021-3847 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-39884
MITRE NVD Issuing CNA: security@apache.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.2/TemporalScore:6.2
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Jul-24 Information published. 1.0 15-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 21-Nov-24 Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0 3.0 03-Dec-24 Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39884 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 6.2 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| Azure Linux 3.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 6.2 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 6.2 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 6.2 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39884 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-31084
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01-Sep-23 Information published. 1.0 15-Aug-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 08-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 10-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 2.0 03-Dec-24 Added hyperv-daemons to CBL-Mariner 2.0 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-31084 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.158.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.158.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-31084 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-36387
MITRE NVD Issuing CNA: security@apache.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:5.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Jul-24 Information published. 1.0 15-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-36387 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
2.4.61-1 | Unknown | None |
| Azure Linux 3.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
2.4.61-1 | Unknown | None |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
2.4.61-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-36387 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-26978
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26978 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26978 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38577
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38577 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38577 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-39483
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39483 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39483 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38664
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38664 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38664 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-39485
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39485 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39485 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42071
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42071 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42071 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42072
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42072 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42072 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43892
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43892 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43892 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42228
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Aug-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42228 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42228 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42297
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42297 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42297 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42246
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Aug-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42246 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42246 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43897
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43897 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43897 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43829
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43829 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43829 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43905
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43905 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43905 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-7347
MITRE NVD Issuing CNA: f5sirt@f5.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 15-Oct-24 Added nginx to Azure Linux 3.0 Added nginx to CBL-Mariner 2.0 3.0 03-Dec-24 Added nginx to CBL-Mariner 2.0 Added nginx to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7347 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nginx (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.25.4-2 | Unknown | None |
| Azure Linux 3.0 x64 | nginx (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.25.4-2 | Unknown | None |
| CBL Mariner 2.0 ARM | nginx (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.22.1-12 | Unknown | None |
| CBL Mariner 2.0 x64 | nginx (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.22.1-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-7347 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-6277
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-24 Information published. 1.0 19-Aug-24 Information published. 1.0 20-Aug-24 Information published. 1.0 21-Aug-24 Information published. 1.0 22-Aug-24 Information published. 1.0 23-Aug-24 Information published. 1.0 24-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added libtiff to CBL-Mariner 2.0 Added libtiff to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6277 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
4.6.0-3 | Unknown | None |
| Azure Linux 3.0 x64 | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
4.6.0-3 | Unknown | None |
| CBL Mariner 2.0 ARM | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
4.6.0-3 | Unknown | None |
| CBL Mariner 2.0 x64 | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
4.6.0-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-6277 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-8088
MITRE NVD Issuing CNA: cna@python.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 26-Sep-24 Information published. 2.0 15-Oct-24 Added python3 to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added python3 to CBL-Mariner 2.0 3.0 03-Dec-24 Added python3 to CBL-Mariner 2.0 Added python3 to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8088 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | python3 (CBL-Mariner) tensorflow (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
3.12.3-4 2.16.1-7 |
None | ||
| Azure Linux 3.0 x64 | python3 (CBL-Mariner) tensorflow (CBL-Mariner) |
Unknown | Unknown | Base: N/A Temporal: N/A Vector: N/A |
3.12.3-4 2.16.1-7 |
None | ||
| CBL Mariner 2.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-5 | Unknown | None |
| CBL Mariner 2.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-8088 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-26458
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.0 05-Oct-24 Information published. 2.0 15-Oct-24 Added krb5 to Azure Linux 3.0 Added krb5 to CBL-Mariner 2.0 3.0 03-Dec-24 Added krb5 to CBL-Mariner 2.0 Added krb5 to Azure Linux 3.0 4.0 08-Dec-24 Added krb5 to CBL-Mariner 2.0 Added krb5 to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26458 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | krb5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
1.21.3-2 | Unknown | None |
| Azure Linux 3.0 x64 | krb5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
1.21.3-2 | Unknown | None |
| CBL Mariner 2.0 ARM | krb5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
1.21.3-2 | Unknown | None |
| CBL Mariner 2.0 x64 | krb5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
1.21.3-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26458 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43799
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 25-Oct-24 Added reaper to CBL-Mariner 2.0 3.0 03-Dec-24 Added reaper to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43799 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
3.1.1-13 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
3.1.1-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43799 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-44974
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 3.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 4.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-44974 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.51.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.51.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-44974 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31080
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-24 Information published. 1.0 05-Oct-24 Information published. 2.0 03-Dec-24 Added xorg-x11-server to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31080 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
1.20.10-11 | Unknown | None |
| CBL Mariner 2.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
1.20.10-11 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31080 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-49761
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. 2.0 03-Dec-24 Added ruby to CBL-Mariner 2.0 Added rubygem-rexml to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49761 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | ruby (CBL-Mariner) rubygem-rexml (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.1.4-8 3.2.7-3 |
None | ||
| CBL Mariner 2.0 x64 | ruby (CBL-Mariner) rubygem-rexml (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.1.4-8 3.2.7-3 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-49761 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31083
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-24 Information published. 1.0 05-Oct-24 Information published. 2.0 03-Dec-24 Added xorg-x11-server to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31083 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-11 | Unknown | None |
| CBL Mariner 2.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-11 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31083 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31449
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 01-Nov-24 Added redis to CBL-Mariner 2.0 3.0 14-Nov-24 Added valkey to Azure Linux 3.0 Added redis to CBL-Mariner 2.0 4.0 03-Dec-24 Added redis to CBL-Mariner 2.0 Added valkey to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31449 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | valkey (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
8.0.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | valkey (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
8.0.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.2.14-3 | Unknown | None |
| CBL Mariner 2.0 x64 | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.2.14-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31449 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31082
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-24 Information published. 1.0 05-Oct-24 Information published. 2.0 03-Dec-24 Added xorg-x11-server to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31082 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
1.20.10-11 | Unknown | None |
| CBL Mariner 2.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
1.20.10-11 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31082 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-4408
MITRE NVD Issuing CNA: security-officer@isc.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Feb-24 Information published. 1.0 30-Jun-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added bind to CBL-Mariner 2.0 Added bind to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-4408 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.19.21-1 | Unknown | None |
| Azure Linux 3.0 x64 | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.19.21-1 | Unknown | None |
| CBL Mariner 2.0 ARM | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.16.48-1 | Unknown | None |
| CBL Mariner 2.0 x64 | bind (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
9.16.48-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-4408 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-3854
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Apr-24 Information published. 1.0 30-Jun-24 Information published. 2.0 03-Dec-24 Added ceph to CBL-Mariner 2.0 Added ceph to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-3854 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
18.2.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
18.2.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
16.2.10-3 | Unknown | None |
| CBL Mariner 2.0 x64 | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
16.2.10-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-3854 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2021-28361
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Apr-24 Information published. 2.0 03-Dec-24 Added ceph to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28361 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
16.2.10-3 | Unknown | None |
| CBL Mariner 2.0 x64 | ceph (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
16.2.10-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2021-28361 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-25620
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.4/TemporalScore:6.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.0 18-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added helm to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-25620 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cert-manager (CBL-Mariner) helm (CBL-Mariner) |
Unknown | Unknown | Base: 6.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
1.12.12-2 3.13.2-3 |
None | ||
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) helm (CBL-Mariner) |
Unknown | Unknown | Base: 6.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
1.12.12-2 3.13.2-3 |
None | ||
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) | Unknown | Unknown | None | Base: 6.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
1.11.2-12 | Unknown | None |
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) | Unknown | Unknown | None | Base: 6.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
1.11.2-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-25620 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-28180
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:4.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Apr-24 Information published. 1.0 30-Jun-24 Information published. 1.0 16-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 05-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 12-Oct-24 Information published. 2.0 16-Oct-24 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 3.0 01-Nov-24 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 4.0 09-Nov-24 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 5.0 14-Nov-24 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 6.0 03-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28180 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cert-manager (CBL-Mariner) dcos-cli (CBL-Mariner) keda (CBL-Mariner) kubernetes (CBL-Mariner) |
Unknown | Unknown | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
1.12.12-1 1.2.0-16 2.14.0-1 1.30.1-1 |
None | ||
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) dcos-cli (CBL-Mariner) keda (CBL-Mariner) kubernetes (CBL-Mariner) |
Unknown | Unknown | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
1.12.12-1 1.2.0-16 2.14.0-1 1.30.1-1 |
None | ||
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) dcos-cli (CBL-Mariner) |
Unknown | Unknown | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
1.11.2-14 1.55.0-20 1.21.7-2 1.2.0-19 |
None | ||
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) dcos-cli (CBL-Mariner) |
Unknown | Unknown | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
1.11.2-14 1.55.0-20 1.21.7-2 1.2.0-19 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-28180 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-41717
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Dec-22 Information published. 2.0 24-Jan-24 Added sriov-network-device-plugin to CBL-Mariner 2.0 3.0 12-Feb-24 Added nmi to CBL-Mariner 2.0 4.0 11-Apr-24 Added cri-o to CBL-Mariner 2.0 1.0 30-Jun-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 05-Oct-24 Information published. 5.0 16-Oct-24 Added prometheus to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added nmi to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added golang to CBL-Mariner 2.0 Added moby-engine to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added golang to CBL-Mariner 1.0 6.0 03-Dec-24 Added containerized-data-importer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added nmi to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added golang to CBL-Mariner 2.0 Added moby-engine to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added golang to CBL-Mariner 1.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-41717 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | moby-engine (CBL-Mariner) prometheus (CBL-Mariner) sriov-network-device-plugin (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
25.0.3-1 2.45.4-1 3.7.0-1 |
None | ||
| Azure Linux 3.0 x64 | moby-engine (CBL-Mariner) prometheus (CBL-Mariner) sriov-network-device-plugin (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
25.0.3-1 2.45.4-1 3.7.0-1 |
None | ||
| CBL Mariner 1.0 ARM | golang (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
1.18.8-2 | Unknown | None |
| CBL Mariner 1.0 x64 | golang (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
1.18.8-2 | Unknown | None |
| CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) golang (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
10.24.0-1 1.55.0-20 1.22.3-1 1.18.8-2 |
None | ||
| CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) golang (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
10.24.0-1 1.55.0-20 1.22.3-1 1.18.8-2 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2022-41717 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-2253
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Jun-23 Information published. 1.0 08-Jun-23 Information published. 1.0 30-Jun-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 13-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 03-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-2253 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cert-manager (CBL-Mariner) moby-engine (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.12.12-1 25.0.3-1 |
None | ||
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) moby-engine (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.12.12-1 25.0.3-1 |
None | ||
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) helm (CBL-Mariner) moby-cli (CBL-Mariner) moby-compose (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.11.2-14 3.13.2-1 20.10.27-1 2.17.3-5 |
None | ||
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) helm (CBL-Mariner) moby-cli (CBL-Mariner) moby-compose (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.11.2-14 3.13.2-1 20.10.27-1 2.17.3-5 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-2253 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-3727
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.3/TemporalScore:8.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.0 10-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 19-Sep-24 Information published. 2.0 03-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.0 04-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.0 05-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.0 07-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.0 08-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 7.0 09-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 8.0 10-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-3727 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | libcontainers-common (CBL-Mariner) containerized-data-importer (CBL-Mariner) ig (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
20240213-2 1.57.0-2 0.29.0-1 1.14.4-1 |
None | ||
| Azure Linux 3.0 x64 | containerized-data-importer (CBL-Mariner) ig (CBL-Mariner) libcontainers-common (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.57.0-2 0.29.0-1 20240213-2 1.14.4-1 |
None | ||
| CBL Mariner 2.0 ARM | libcontainers-common (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
20210626-7 1.55.0-19 1.22.3-4 1.14.2-4 |
None | ||
| CBL Mariner 2.0 x64 | containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) libcontainers-common (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.55.0-19 1.22.3-4 20210626-7 1.14.2-4 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-3727 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-1055
MITRE NVD Issuing CNA: security@google.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Apr-22 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-1055 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 1.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.10.111.1-1 | Unknown | None |
| CBL Mariner 1.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.10.111.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.32.1-3 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.32.1-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-1055 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-52340
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-52340 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
5.15.148.2-2 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
5.15.148.2-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-52340 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-48841
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-48841 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-48841 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26953
MITRE NVD Issuing CNA: cve@kernel.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-May-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 08-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 10-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 2.0 03-Dec-24 Added hyperv-daemons to CBL-Mariner 2.0 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26953 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.35.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.35.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26953 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27397
MITRE NVD Issuing CNA: cve@kernel.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-May-24 Information published. 1.0 05-Oct-24 Information published. 1.0 06-Oct-24 Information published. 1.0 07-Oct-24 Information published. 1.0 08-Oct-24 Information published. 1.0 09-Oct-24 Information published. 1.0 10-Oct-24 Information published. 1.0 11-Oct-24 Information published. 1.0 12-Oct-24 Information published. 2.0 09-Nov-24 Added hyperv-daemons to Azure Linux 3.0 Added hyperv-daemons to CBL-Mariner 2.0 3.0 03-Dec-24 Added hyperv-daemons to CBL-Mariner 2.0 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27397 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.56.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.56.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27397 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-26900
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26900 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-4 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-4 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.159.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.159.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26900 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38381
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 3.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 4.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38381 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.51.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
6.6.51.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38381 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-38588
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38588 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-38588 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-26933
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26933 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26933 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-36481
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-36481 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-4 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-4 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-36481 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-39291
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Jul-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39291 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
6.6.35.1-4 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
5.15.160.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39291 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-39473
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39473 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39473 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42073
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42073 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42073 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-41098
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Aug-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-41098 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-41098 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42074
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42074 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42074 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42078
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42078 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42078 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42083
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42083 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42083 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-42237
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 10-Aug-24 Information published. 1.0 16-Aug-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42237 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.43.1-7 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.162.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-42237 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43853
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 3.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43853 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.47.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.47.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43853 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-46863
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 2.0 01-Nov-24 Added kernel to CBL-Mariner 2.0 3.0 09-Nov-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 4.0 03-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46863 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.56.1-5 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-46863 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-26484
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:8.2
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 03-Dec-24 Added kubevirt to CBL-Mariner 2.0 Added kubevirt to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-26484 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kubevirt (CBL-Mariner) | Unknown | Unknown | None | Base: 8.2 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |
1.2.0-1 | Unknown | None |
| Azure Linux 3.0 x64 | kubevirt (CBL-Mariner) | Unknown | Unknown | None | Base: 8.2 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |
1.2.0-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kubevirt (CBL-Mariner) | Unknown | Unknown | None | Base: 8.2 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |
0.59.0-20 | Unknown | None |
| CBL Mariner 2.0 x64 | kubevirt (CBL-Mariner) | Unknown | Unknown | None | Base: 8.2 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |
0.59.0-20 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-26484 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-11168
MITRE NVD Issuing CNA: cna@python.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 03-Dec-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-11168 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-7 | Unknown | None |
| CBL Mariner 2.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-7 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-11168 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-7006
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-24 Information published. 1.0 25-Aug-24 Information published. 1.0 26-Aug-24 Information published. 1.0 27-Aug-24 Information published. 1.0 28-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 03-Dec-24 Added libtiff to CBL-Mariner 2.0 Added libtiff to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7006 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.6.0-4 | Unknown | None |
| Azure Linux 3.0 x64 | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.6.0-4 | Unknown | None |
| CBL Mariner 2.0 ARM | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.6.0-3 | Unknown | None |
| CBL Mariner 2.0 x64 | libtiff (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.6.0-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-7006 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43800
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 25-Oct-24 Added reaper to CBL-Mariner 2.0 3.0 03-Dec-24 Added reaper to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43800 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
3.1.1-13 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
3.1.1-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43800 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-29018
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added moby-engine to Azure Linux 3.0 Added moby-engine to CBL-Mariner 2.0 3.0 03-Dec-24 Added moby-engine to CBL-Mariner 2.0 Added moby-engine to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-29018 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | moby-engine (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
25.0.3-6 | Unknown | None |
| Azure Linux 3.0 x64 | moby-engine (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
25.0.3-6 | Unknown | None |
| CBL Mariner 2.0 ARM | moby-engine (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
24.0.9-9 | Unknown | None |
| CBL Mariner 2.0 x64 | moby-engine (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
24.0.9-9 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-29018 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-45296
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 25-Oct-24 Added reaper to CBL-Mariner 2.0 3.0 03-Dec-24 Added reaper to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-45296 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.1.1-13 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.1.1-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-45296 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-48949
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 25-Oct-24 Added reaper to CBL-Mariner 2.0 3.0 03-Dec-24 Added reaper to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48949 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.1.1-13 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.1.1-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-48949 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47764
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 16-Oct-24 Information published. 2.0 25-Oct-24 Added reaper to CBL-Mariner 2.0 3.0 03-Dec-24 Added reaper to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47764 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.1.1-13 | Unknown | None |
| CBL Mariner 2.0 x64 | reaper (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.1.1-13 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47764 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31081
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-24 Information published. 1.0 05-Oct-24 Information published. 2.0 03-Dec-24 Added xorg-x11-server to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31081 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
1.20.10-11 | Unknown | None |
| CBL Mariner 2.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
1.20.10-11 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31081 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-43374
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.5/TemporalScore:4.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 03-Dec-24 Added vim to CBL-Mariner 2.0 Added vim to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43374 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
9.0.2190-5 | Unknown | None |
| Azure Linux 3.0 x64 | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
9.0.2190-5 | Unknown | None |
| CBL Mariner 2.0 ARM | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
9.0.2121-3 | Unknown | None |
| CBL Mariner 2.0 x64 | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
9.0.2121-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-43374 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21127
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21127 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21127 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21096
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 5.0 07-Dec-24 Added mariadb to Azure Linux 3.0 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21096 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
10.11.10-1 8.0.40-1 |
None | ||
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
10.11.10-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21096 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-39472
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.0 12-Oct-24 Information published. 2.0 15-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 3.0 04-Dec-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-39472 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.47.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.47.1-1 | Unknown | None |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.15.167.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-39472 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-46218
MITRE NVD Issuing CNA: support@hackerone.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Dec-23 Information published. 2.0 12-Dec-23 Added mysql to CBL-Mariner 2.0 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 3.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 4.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 5.0 20-Nov-24 Added cmake to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 6.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added cmake to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-46218 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.29.6-1 8.0.40-1 |
None | ||
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.29.6-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 ARM | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.21.4-13 8.5.0-1 8.0.35-2 |
None | ||
| CBL Mariner 2.0 x64 | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.21.4-13 8.5.0-1 8.0.35-2 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-46218 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21129
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21129 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21129 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21171
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21171 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21171 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21130
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21130 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21130 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21157
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21157 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21157 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21160
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21160 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21160 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21173
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21173 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21173 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21193
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21193 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21193 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21207
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21207 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21207 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21199
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21199 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21199 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21201
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21201 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21201 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21212
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.4/TemporalScore:4.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21212 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21212 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21213
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.2/TemporalScore:4.2
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21213 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21213 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21218
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21218 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21218 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21230
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21230 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21230 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21237
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:2.2/TemporalScore:2.2
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21237 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21237 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21236
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21236 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21236 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21231
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:3.1/TemporalScore:3.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21231 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21231 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21247
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:3.8/TemporalScore:3.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21247 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21247 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-7264
MITRE NVD Issuing CNA: 2499f714-1537-4658-8207-48ae4bb9eae9 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7264 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-7264 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26908
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 2.0 04-Dec-24 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26908 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.35.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.35.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-26908 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-46219
MITRE NVD Issuing CNA: support@hackerone.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Dec-23 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 23-Oct-24 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 3.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 4.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 5.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-46219 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.29.6-1 8.0.40-1 |
None | ||
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.29.6-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 ARM | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
8.5.0-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 x64 | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
8.5.0-1 8.0.40-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2023-46219 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-1941
MITRE NVD Issuing CNA: cve-coordination@google.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.0 18-Aug-24 Information published. 2.0 15-Oct-24 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added protobuf to CBL-Mariner 2.0 3.0 23-Oct-24 Added mysql to CBL-Mariner 2.0 Added protobuf to CBL-Mariner 2.0 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 4.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added protobuf to CBL-Mariner 2.0 5.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added protobuf to CBL-Mariner 2.0 6.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added protobuf to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-1941 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | grpc (CBL-Mariner) keras (CBL-Mariner) mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.62.0-2 3.1.1-1 8.0.40-1 25.3-1 |
None | ||
| Azure Linux 3.0 x64 | grpc (CBL-Mariner) keras (CBL-Mariner) mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.62.0-2 3.1.1-1 8.0.40-1 25.3-1 |
None | ||
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 3.17.3-3 |
None | ||
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 3.17.3-3 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2022-1941 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-2004
MITRE NVD Issuing CNA: 2499f714-1537-4658-8207-48ae4bb9eae9 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:3.5/TemporalScore:3.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 05-Aug-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 1.0 01-Oct-24 Information published. 1.0 05-Oct-24 Information published. 2.0 23-Oct-24 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 3.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 4.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 5.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2004 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
3.30.3-2 8.8.0-1 8.0.40-1 |
None | ||
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
3.30.3-2 8.8.0-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 ARM | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
8.8.0-1 8.0.40-1 |
None | ||
| CBL Mariner 2.0 x64 | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
8.8.0-1 8.0.40-1 |
None | ||
| CVE ID | Acknowledgements |
| CVE-2024-2004 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-20996
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20996 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-20996 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21134
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:4.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21134 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21134 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21125
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21125 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21125 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21142
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21142 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21142 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21159
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21159 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21159 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21162
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21162 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21162 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21165
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21165 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21165 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21163
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21163 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21163 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21194
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21194 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21194 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21203
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21203 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21203 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21196
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21196 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21196 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21238
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21238 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21238 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21197
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21197 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21197 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21239
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21239 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21239 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-21241
MITRE NVD Issuing CNA: secalert_us@oracle.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-Oct-24 Information published. 2.0 25-Oct-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 09-Nov-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 4.0 04-Dec-24 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21241 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
8.0.40-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-21241 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-1545
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1545 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-1545 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-6935
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6935 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-6935 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50228
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50228 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.57.1-5 | Unknown | None |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.57.1-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-50228 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-25431
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 20-Nov-24 Information published. 2.0 26-Nov-24 Added fluent-bit to Azure Linux 3.0 Added fluent-bit to CBL-Mariner 2.0 3.0 07-Dec-24 Added fluent-bit to Azure Linux 3.0 Added fluent-bit to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-25431 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | fluent-bit (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
3.1.9-1 | Unknown | None |
| Azure Linux 3.0 x64 | fluent-bit (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
3.1.9-1 | Unknown | None |
| CBL Mariner 2.0 ARM | fluent-bit (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.2.3-5 | Unknown | None |
| CBL Mariner 2.0 x64 | fluent-bit (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.2.3-5 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-25431 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-50495
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-50495 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | ncurses (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
6.4-3 | Unknown | None |
| CBL Mariner 2.0 x64 | ncurses (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
6.4-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-50495 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-6936
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6936 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-6936 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-5814
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-5814 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-5814 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2012-2677
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2012-2677 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
8.0.40-4 | Unknown | None |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
8.0.40-4 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2012-2677 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-2881
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2881 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-2881 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-40548
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:7.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 5.0 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-40548 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
| Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
| CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-1 | None | ||
| CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-1 | None | ||
| CVE ID | Acknowledgements |
| CVE-2023-40548 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2019-14584
MITRE NVD Issuing CNA: secure@intel.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. 2.0 08-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.0 09-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.0 10-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2019-14584 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | shim-unsigned-aarch64 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | Unknown | None |
| Azure Linux 3.0 x64 | shim-unsigned-aarch64 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2019-14584 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-32610
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-May-24 Information published. 1.0 30-Jun-24 Information published. 2.0 07-Dec-24 Added hdf5 to CBL-Mariner 2.0 Added hdf5 to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32610 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4.3-1 | Unknown | None |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
1.14.4-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-32610 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-42366
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 20-Nov-24 Information published. 2.0 07-Dec-24 Added busybox to Azure Linux 3.0 Added busybox to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-42366 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | busybox (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.36.1-9 | Unknown | None |
| Azure Linux 3.0 x64 | busybox (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.36.1-9 | Unknown | None |
| CBL Mariner 2.0 ARM | busybox (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.35.0-12 | Unknown | None |
| CBL Mariner 2.0 x64 | busybox (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.35.0-12 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-42366 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-1543
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-1543 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-1543 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-5288
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.1/TemporalScore:5.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-5288 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.1 Temporal: 5.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.1 Temporal: 5.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-5288 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-6937
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6937 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-6937 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-9355
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-9355 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | golang (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
1.23.3-2 | Unknown | None |
| Azure Linux 3.0 x64 | golang (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
1.23.3-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-9355 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-31852
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.0 16-Aug-24 Information published. 1.0 18-Aug-24 Information published. 2.0 09-Nov-24 Added libcxx to Azure Linux 3.0 Added rust to Azure Linux 3.0 Added llvm to Azure Linux 3.0 Added rust to CBL-Mariner 2.0 3.0 07-Dec-24 Added rust to CBL-Mariner 2.0 Added libcxx to Azure Linux 3.0 Added llvm to Azure Linux 3.0 Added rust to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31852 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | libcxx (CBL-Mariner) llvm (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
18.1.2-3 1.75.0-9 |
None | ||
| Azure Linux 3.0 x64 | libcxx (CBL-Mariner) llvm (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
18.1.2-3 1.75.0-9 |
None | ||
| CBL Mariner 2.0 ARM | rust (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.72.0-8 | Unknown | None |
| CBL Mariner 2.0 x64 | rust (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.72.0-8 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-31852 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-4968
MITRE NVD Issuing CNA: security@ubuntu.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-4968 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | netplan (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
1.0.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | netplan (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
1.0.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-4968 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-5991
MITRE NVD Issuing CNA: facts@wolfssl.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-5991 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.11.10-1 | Unknown | None |
| Azure Linux 3.0 x64 | mariadb (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.11.10-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-5991 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-0134
MITRE NVD Issuing CNA: psirt@nvidia.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.1/TemporalScore:4.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-0134 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | nvidia-container-toolkit (CBL-Mariner) | Unknown | Unknown | None | Base: 4.1 Temporal: 4.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N |
1.17.1-1 | Unknown | None |
| Azure Linux 3.0 x64 | nvidia-container-toolkit (CBL-Mariner) | Unknown | Unknown | None | Base: 4.1 Temporal: 4.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N |
1.17.1-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-0134 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2022-28737
MITRE NVD Issuing CNA: security@ubuntu.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.0 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.0 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 5.0 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-28737 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
| Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
| CBL Mariner 2.0 ARM | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-1 | Unknown | None |
| CBL Mariner 2.0 x64 | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2022-28737 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-49767
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49767 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | python-werkzeug (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.0.3-2 | Unknown | None |
| Azure Linux 3.0 x64 | python-werkzeug (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.0.3-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-49767 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-40546
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 5.0 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-40546 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
| Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
| CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None | ||
| CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None | ||
| CVE ID | Acknowledgements |
| CVE-2023-40546 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-40549
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 5.0 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-40549 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
| Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
| CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None | ||
| CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None | ||
| CVE ID | Acknowledgements |
| CVE-2023-40549 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-40551
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.1/TemporalScore:5.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 2.0 07-Dec-24 Added shim to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-40551 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 5.1 Temporal: 5.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H |
15.8-3 | Unknown | None |
| Azure Linux 3.0 x64 | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 5.1 Temporal: 5.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H |
15.8-3 | Unknown | None |
| CBL Mariner 2.0 ARM | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 5.1 Temporal: 5.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H |
15.8-1 | Unknown | None |
| CBL Mariner 2.0 x64 | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 5.1 Temporal: 5.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H |
15.8-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-40551 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-47554
MITRE NVD Issuing CNA: security@apache.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:4.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Nov-24 Information published. 2.0 07-Dec-24 Added apache-commons-io to CBL-Mariner 2.0 Added apache-commons-io to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47554 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.14.0-1 | Unknown | None |
| Azure Linux 3.0 x64 | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.14.0-1 | Unknown | None |
| CBL Mariner 2.0 ARM | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.14.0-1 | Unknown | None |
| CBL Mariner 2.0 x64 | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.14.0-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-47554 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-11234
MITRE NVD Issuing CNA: security@php.net |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:7.2
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-11234 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.2 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
8.1.31-1 | Unknown | None |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.2 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
8.1.31-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-11234 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27418
MITRE NVD Issuing CNA: cve@kernel.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 23-May-24 Information published. 2.0 09-Dec-24 Added hyperv-daemons to CBL-Mariner 2.0 3.0 10-Dec-24 Added hyperv-daemons to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27418 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.2-1 | Unknown | None |
| CBL Mariner 2.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.2-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-27418 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2024-11233
MITRE NVD Issuing CNA: security@php.net |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.2/TemporalScore:8.2
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 09-Dec-24 Information published. |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-11233 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 8.2 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
8.1.31-1 | Unknown | None |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 8.2 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
8.1.31-1 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2024-11233 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
| CVE-2023-52890
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.5/TemporalScore:4.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.0 29-Aug-24 Information published. 1.0 30-Aug-24 Information published. 1.0 31-Aug-24 Information published. 1.0 01-Sep-24 Information published. 1.0 02-Sep-24 Information published. 1.0 03-Sep-24 Information published. 1.0 05-Sep-24 Information published. 1.0 06-Sep-24 Information published. 1.0 07-Sep-24 Information published. 1.0 08-Sep-24 Information published. 1.0 11-Sep-24 Information published. 2.0 10-Dec-24 Added ntfs-3g to CBL-Mariner 2.0 Added ntfs-3g to Azure Linux 3.0 |
Unknown | Unknown | ||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-52890 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure Linux 3.0 ARM | ntfs-3g (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
2022.10.3-2 | Unknown | None |
| Azure Linux 3.0 x64 | ntfs-3g (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
2022.10.3-2 | Unknown | None |
| CBL Mariner 2.0 ARM | ntfs-3g (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
2022.10.3-2 | Unknown | None |
| CBL Mariner 2.0 x64 | ntfs-3g (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
2022.10.3-2 | Unknown | None |
| CVE ID | Acknowledgements |
| CVE-2023-52890 | None |