This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
| Airlift.microsoft.com | CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability | Critical |
| Azure CycleCloud | CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| LightGBM | CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2024-5535 | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-10826 | Chromium: CVE-2024-10826 Use after free in Family Experiences | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-10827 | Chromium: CVE-2024-10827 Use after free in Serial | Unknown |
| Microsoft Exchange Server | CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | ADV240001 | Microsoft SharePoint Server Defense in Depth Update | None |
| Microsoft Office Word | CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | Important |
| Microsoft PC Manager | CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Virtual Hard Drive | CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | Important |
| Microsoft Windows DNS | CVE-2024-43450 | Windows DNS Spoofing Vulnerability | Important |
| Role: Windows Active Directory Certificate Services | CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| TorchGeo | CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | Moderate |
| Windows CSC Service | CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Defender Application Control (WDAC) | CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NT OS Kernel | CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTLM | CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows Package Library Manager | CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability | Important |
| Windows Registry | CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Registry | CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2024-43642 | Windows SMB Denial of Service Vulnerability | Important |
| Windows SMBv3 Client/Server | CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability | Important |
| Windows Task Scheduler | CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows VMSwitch | CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | Critical |
| Windows Win32 Kernel Subsystem | CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43530 MITRE NVD |
CVE Title: Windows Update Stack Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43530 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43530 | CHEN QINGYANG with Topsec Alpha Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43499 MITRE NVD |
CVE Title: .NET and Visual Studio Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43499 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| .NET 9.0 installed on Linux | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
| .NET 9.0 installed on Mac OS | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
| .NET 9.0 installed on Windows | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Unknown |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-43499 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43602 MITRE NVD |
CVE Title: Azure CycleCloud Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43602 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure CycleCloud 8.0.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.0.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.0.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.1.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.1.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.2.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.2.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.2.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.3.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.4.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.4.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.4.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.5.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.6.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.6.1 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.6.2 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.6.3 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Azure CycleCloud 8.6.4 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-43602 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43623 MITRE NVD |
CVE Title: Windows NT OS Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43623 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43623 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43625 MITRE NVD |
CVE Title: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Is SCVMM (System Center Virtual Machine Manager) affected by this vulnerability? The vulnerability is confined to the VmSwitch component within Hyper-V. SCVMM (System Center Virtual Machine Manager) primarily functions as an orchestration layer and is not exploitable by this vulnerability itself. How could an attacker exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to send a specific series of networking requests to the VMswitch driver triggering a use after free vulnerability in the Hyper-V host which grants host privileges that could be used to perform arbitrary code execution. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43625 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Elevation of Privilege | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43625 | Henry Wang with Microsoft Offensive Research and Security Engineering (MORSE) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43626 MITRE NVD |
CVE Title: Windows Telephony Service Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43626 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43626 | Chen Le Qi with STAR Labs SG Pte. Ltd.
mochizu with STAR Labs SG Pte. Ltd. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43627 MITRE NVD |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43627 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43627 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43628 MITRE NVD |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43628 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43628 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43630 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43630 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43630 | Anonymous RanchoIce |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43631 MITRE NVD |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43631 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43631 | Microsoft Offensive Research & Security Engineering (MORSE) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43634 MITRE NVD |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43634 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43634 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43637 MITRE NVD |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43637 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43637 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43638 MITRE NVD |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43638 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43638 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43643 MITRE NVD |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43643 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43643 | Adel from MSRC V&M |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43644 MITRE NVD |
CVE Title: Windows Client-Side Caching Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43644 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43644 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43645 MITRE NVD |
CVE Title: Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
Description: Unknown FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43645 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43645 | Jordan Geurten with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43646 MITRE NVD |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43646 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43646 | Microsoft Offensive Research & Security Engineering (MORSE) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43447 MITRE NVD |
CVE Title: Windows SMBv3 Server Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? To successfully exploit this vulnerability, an attacker would need to use a malicious SMB client to mount an attack against the SMB server. This exploit is only applicable to SMB over QUIC. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43447 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43447 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43449 MITRE NVD |
CVE Title: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43449 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43449 | Adel from MSRC V&M |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43450 MITRE NVD |
CVE Title: Windows DNS Spoofing Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43450 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43450 | Peng Zuo (zuopeng@cnnic.cn) Qian Wang (wangqian@cnnic.cn) Ming He (heming@cnnic.cn) Zhiwei Yanyan (zhiwei@cnnic.cn) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43451 MITRE NVD |
CVE Title: NTLM Hash Disclosure Spoofing Vulnerability
Description: Unknown FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability? This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to authenticate as the user. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Not Found | N/A | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43451 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) 5046630 (IE Cumulative) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046630 (IE Cumulative) 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046630 (IE Cumulative) 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046630 (IE Cumulative) 5046682 (Monthly Rollup) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046630 (IE Cumulative) 5046682 (Monthly Rollup) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43451 | Israel Yeshurun with ClearSky Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43452 MITRE NVD |
CVE Title: Windows Registry Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system and the ability to manipulate its components to trigger a specific condition. Successful exploitation is not guaranteed and depends on a combination of factors that may include the environment, system configuration, and the presence of additional security measures. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability could be triggered when a windows client connects to a malicious remote share. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43452 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43452 | Mateusz Jurczyk with Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-38255 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38255 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-38255 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38264 MITRE NVD |
CVE Title: Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38264 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | None | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-38264 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43459 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43459 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-43459 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-43462 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43462 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-43462 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-48994 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48994 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-48994 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-48995 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48995 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-48995 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-48996 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48996 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-48996 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-5535 MITRE NVD |
CVE Title: OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
Description: We are republishing this OpenSSL CVE to document that the latest version Microsoft Defender for Endpoint has been updated to protect against this OpenSSL library vulnerability. FAQ: How could an attacker exploit this vulnerability? Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N). Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-5535 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | openssl (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| CBL Mariner 2.0 x64 | openssl (CBL-Mariner) cloud-hypervisor-cvm (CBL-Mariner) |
Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| Microsoft Defender for Endpoint for Android | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
No |
| Microsoft Defender for Endpoint for iOS | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
No |
| CVE ID | Acknowledgements |
| CVE-2024-5535 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49040 MITRE NVD |
CVE Title: Microsoft Exchange Server Spoofing Vulnerability
Description: Unknown FAQ: Is there additional information I need to know about or actions to perform after installing the update? Yes, please see the information available in Exchange Server non-RFC compliant P2 FROM header detection. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49040 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2016 Cumulative Update 23 | 5044062 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 13 | 5044062 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 14 | 5044062 (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-49040 | Slonser with Solidlab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49043 MITRE NVD |
CVE Title: Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49043 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2022 for x64-based Systems (CU 15) | 5046862 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5046861 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49043 | CHEN QINGYANG with Topsec Alpha Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49044 MITRE NVD |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authenticated attacker could create a malicious extension and then wait for an authenticated user to create a new Visual Studio project that uses that extension. The result is that the attacker could gain the privileges of the user. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49044 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Unknown |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49044 | Filip Dragovic |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49046 MITRE NVD |
CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49046 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-49046 | Joe Bialek with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49049 MITRE NVD |
CVE Title: Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability? An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Moderate | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49049 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code Remote - SSH Extension | Release Notes (Security Update) | Moderate | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49049 | Aleksandar Straumann with Meta Greg Prosser with Meta |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49056 MITRE NVD |
CVE Title: Airlift.microsoft.com Elevation of Privilege Vulnerability
Description: Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49056 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| airlift.microsoft.com | Critical | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2024-49056 | Cameron Vincent with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43598 MITRE NVD |
CVE Title: LightGBM Remote Code Execution Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43598 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| LightGBM | Releaase Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-43598 | Tian Yu (@0gur1). Submitted to Huntr by ProtectAI |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43498 MITRE NVD |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or by loading a specially crafted file into a vulnerable desktop app. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43498 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| .NET 9.0 installed on Linux | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| .NET 9.0 installed on Mac OS | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| .NET 9.0 installed on Windows | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-43498 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43620 MITRE NVD |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43620 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43620 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43621 MITRE NVD |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43621 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43621 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43622 MITRE NVD |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43622 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43622 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43624 MITRE NVD |
CVE Title: Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
Description: Unknown FAQ: How would an attacker exploit this vulnerability? This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43624 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43624 | D4m0n with CW Research Inc. nevul37 with CW Research Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43629 MITRE NVD |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43629 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43629 | Sergey Tarasov with Positive Technologies |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43633 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43633 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43633 | ChengBin Wang with ZheJiang Guoli Security Technology |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43635 MITRE NVD |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43635 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43635 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43636 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43636 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43636 | Joe Bialek (Microsoft Offensive Research & Security Engineering) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43639 MITRE NVD |
CVE Title: Windows Kerberos Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43639 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43639 | Wei in Kunlun Lab with Cyber KunLun k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43640 MITRE NVD |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43640 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43640 | Kam Reypour |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43641 MITRE NVD |
CVE Title: Windows Registry Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43641 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43641 | Mateusz Jurczyk with Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43642 MITRE NVD |
CVE Title: Windows SMB Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43642 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-43642 | Andrew Ruddick with Microsoft Red Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38203 MITRE NVD |
CVE Title: Windows Package Library Manager Information Disclosure Vulnerability
Description: Unknown FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38203 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Information Disclosure | None | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-38203 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-48993 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48993 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-48993 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-48997 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48997 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-48997 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-48998 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48998 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-48998 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-48999 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-48999 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-48999 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49000 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49000 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49000 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49001 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49001 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49001 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49002 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49002 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49002 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49003 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49003 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49003 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49004 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49004 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49004 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49005 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49005 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49005 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49007 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49007 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49007 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-49006 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: I am running SQL Server on my system. What action do I need to take? Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. I am running my own application on my system. What action do I need to take? Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability. I am running an application from a software vendor on my system. What action do I need to take? Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.
What are the GDR and CU update designations and how do they differ? The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.
For any given baseline, either the GDR or CU updates could be options (see below).
Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path. Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)? Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49006 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49006 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49008 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49008 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49008 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49009 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49009 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49009 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49010 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49010 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49010 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49011 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49011 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49011 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49012 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49012 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49012 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49013 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49013 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49013 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49014 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49014 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49014 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49015 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49015 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49015 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49016 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49016 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49016 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49017 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49017 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49017 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49018 MITRE NVD |
CVE Title: SQL Server Native Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49018 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49018 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49019 MITRE NVD |
CVE Title: Active Directory Certificate Services Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. What types of certificates are vulnerable to this type of attack? Certificates created using a version 1 certificate template with Source of subject name set to "Supplied in the request" are potentially vulnerable if the template is not secured according to the best practices published in the Securing Certificate Templates section of Securing PKI: Technical Controls for Securing PKI | Microsoft Learn. How do I know if my PKI environment is vulnerable to this type of attack? Check if you have published any certificates created using a version 1 certificate template where the Source of subject name is set to "Supplied in the request" and the Enroll permissions are granted to a broader set of accounts, such as domain users or domain computers. An example is the built-in Web Server template, but it is not vulnerable by default due to its restricted Enroll permissions. Mitigations: Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49019 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5046661 (Monthly Rollup) 5046639 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5046687 (Monthly Rollup) 5046705 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5046697 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5046682 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-49019 | Justin Bollinger with TrustedSec Scot Berner with TrustedSec Lou Scicchitano with TrustedSec |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49021 MITRE NVD |
CVE Title: Microsoft SQL Server Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49021 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5046855 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5046856 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5046858 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5046857 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) | 5046860 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5046859 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2022 for x64-based Systems (CU 15) | 5046862 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5046861 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49021 | CHEN QINGYANG with Topsec Alpha Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49026 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49026 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office Online Server | 5002648 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49026 | Orange Tsai (@orange_8361) with DEVCORE splitline (@_splitline_) with DEVCORE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49027 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49027 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49027 | 0x140ce |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49028 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49028 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49028 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49029 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49029 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49029 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49030 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49030 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2016 (32-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5002653 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49030 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49031 MITRE NVD |
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49031 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2016 (32-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49031 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49032 MITRE NVD |
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49032 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2016 (32-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 5002642 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49032 | Anonymous with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49033 MITRE NVD |
CVE Title: Microsoft Word Security Feature Bypass Vulnerability
Description: Unknown FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted Word file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to open the file, typically by way of an enticement in an email or instant message. Then the attacker must convince the victim to open the malicious file. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49033 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Word 2016 (32-bit edition) | 5002619 (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Word 2016 (64-bit edition) | 5002619 (Security Update) | Important | Security Feature Bypass | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49033 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49039 MITRE NVD |
CVE Title: Windows Task Scheduler Elevation of Privilege Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system exploit the vulnerability to elevate their privileges to a Medium Integrity Level. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Not Found | N/A | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49039 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5046665 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for 32-bit Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for ARM64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 22H2 for x64-based Systems | 5046613 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 22H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for ARM64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 23H2 for x64-based Systems | 5046633 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for ARM64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 11 Version 24H2 for x64-based Systems | 5046617 (Security Update) 5046696 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5046612 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5046615 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5046616 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5046618 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2025 | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2025 (Server Core installation) | 5046617 (Security Update) 5046696 (Security Update) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2024-49039 | Anonymous Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49048 MITRE NVD |
CVE Title: TorchGeo Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49048 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft TorchGeo | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49048 | Peng Zhou (zpbrent) with Shanghai University |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49050 MITRE NVD |
CVE Title: Visual Studio Code Python Extension Remote Code Execution Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49050 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Python extension for Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49050 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49051 MITRE NVD |
CVE Title: Microsoft PC Manager Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would be able to delete any system files. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49051 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft PC Manager | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2024-49051 | BochengXiang(@Crispr) with FDU |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2024-10826 MITRE NVD |
CVE Title: Chromium: CVE-2024-10826 Use after free in Family Experiences
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2024-11-07T08:00:20 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-10826 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2024-10826 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2024-10827 MITRE NVD |
CVE Title: Chromium: CVE-2024-10827 Use after free in Serial
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2024-11-07T08:00:26 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-10827 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2024-10827 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| ADV240001 MITRE NVD |
CVE Title: Microsoft SharePoint Server Defense in Depth Update
Description: Microsoft has released an security update for Microsoft SharePoint Server. The update provides a defense in depth enhancement regarding redirections. FAQ: Why is this advisory published to the Security Updates Guide Vulnerabilities tab instead of the Advisories tab? We are publishing this advisory to the Security Update Guide's Vulnerabilities tab to document the related defense in depth security updates in the Deployments tab. Generally advisories do not contain security updates. However Microsoft Engineering elected to provide them to ensure customers could ensure they are protected. Please reference the Security Updates table or the Deployments tab to find the security update for related to your product. Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T08:00:00 Information published. |
None | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
| ADV240001 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 5002654 (Security Update) | None | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft SharePoint Server 2019 | 5002650 (Security Update) | None | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft SharePoint Server Subscription Edition | 5002651 (Security Update) | None | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| ADV240001 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-6237 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-01T00:00:00 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added openssl to Azure Linux 3.0 1.0 2024-04-25T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-07-13T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-6237 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| Azure Linux 3.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs (CBL-Mariner) openssl (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 ARM | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | cloud-hypervisor-cvm (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2023-6237 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-49582 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added apr to Azure Linux 3.0 Added apr to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-49582 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CBL Mariner 2.0 ARM | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CBL Mariner 2.0 x64 | apr (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-49582 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38588 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38588 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-38588 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38381 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-15T00:00:00 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 3.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38381 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-38381 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-42228 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-08-16T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42228 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-42228 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-8006 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added libpcap to Azure Linux 3.0 Added libpcap to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8006 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-8006 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-24786 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 4.0 2024-11-01T00:00:00 Added kubernetes to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.0 2024-11-08T00:00:00 Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 1.0 2024-03-08T00:00:00 Information published. 2.0 2024-04-01T00:00:00 Added node-problem-detector to CBL-Mariner 2.0 1.0 2024-07-02T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-07-10T00:00:00 Information published. 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 3.0 2024-10-16T00:00:00 Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-24786 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cri-tools (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| Azure Linux 3.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cri-tools (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) cert-manager (CBL-Mariner) kubernetes (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) cert-manager (CBL-Mariner) kubernetes (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2024-24786 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-32149 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-26T00:00:00 Information published. 1.0 2024-09-27T00:00:00 Information published. 1.0 2024-09-29T00:00:00 Information published. 1.0 2024-09-30T00:00:00 Information published. 1.0 2024-10-04T00:00:00 Information published. 1.0 2024-10-05T00:00:00 Information published. 1.0 2024-10-07T00:00:00 Information published. 1.0 2024-10-08T00:00:00 Information published. 3.0 2024-10-15T00:00:00 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.0 2024-10-20T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.0 2024-10-21T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.0 2024-10-22T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.0 2024-10-23T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.0 2024-10-24T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 14.0 2024-10-26T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 16.0 2024-10-28T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 18.0 2024-10-30T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 19.0 2024-10-31T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 22.0 2024-11-04T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 23.0 2024-11-05T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 24.0 2024-11-06T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 26.0 2024-11-08T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 27.0 2024-11-09T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 28.0 2024-11-10T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 29.0 2024-11-11T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 1.0 2023-11-08T00:00:00 Information published. 2.0 2024-01-24T00:00:00 Added sriov-network-device-plugin to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-09-19T00:00:00 Information published. 1.0 2024-09-20T00:00:00 Information published. 1.0 2024-09-21T00:00:00 Information published. 1.0 2024-09-22T00:00:00 Information published. 1.0 2024-09-23T00:00:00 Information published. 1.0 2024-09-24T00:00:00 Information published. 1.0 2024-09-25T00:00:00 Information published. 1.0 2024-09-28T00:00:00 Information published. 1.0 2024-10-01T00:00:00 Information published. 1.0 2024-10-02T00:00:00 Information published. 1.0 2024-10-03T00:00:00 Information published. 1.0 2024-10-06T00:00:00 Information published. 1.0 2024-10-09T00:00:00 Information published. 1.0 2024-10-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 1.0 2024-10-13T00:00:00 Information published. 1.0 2024-10-14T00:00:00 Information published. 4.0 2024-10-16T00:00:00 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.0 2024-10-17T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.0 2024-10-18T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.0 2024-10-19T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.0 2024-10-25T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 15.0 2024-10-27T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 17.0 2024-10-29T00:00:00 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 20.0 2024-11-01T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 21.0 2024-11-02T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 25.0 2024-11-07T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 30.0 2024-11-12T00:00:00 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-32149 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| Azure Linux 3.0 x64 | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 ARM | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2022-32149 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-41098 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-41098 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-41098 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43853 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43853 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43853 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-8927 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added php to Azure Linux 3.0 Added php to CBL-Mariner 2.0 1.0 2024-11-01T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8927 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-8927 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46863 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46863 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46863 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-28182 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-08-16T00:00:00 Information published. 2.0 2024-10-22T00:00:00 Added fluent-bit to Azure Linux 3.0 Added nghttp2 to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added nodejs18 to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-07-10T00:00:00 Information published. 1.0 2024-08-17T00:00:00 Information published. 1.0 2024-08-18T00:00:00 Information published. 1.0 2024-08-19T00:00:00 Information published. 1.0 2024-08-20T00:00:00 Information published. 1.0 2024-08-21T00:00:00 Information published. 1.0 2024-08-22T00:00:00 Information published. 1.0 2024-08-23T00:00:00 Information published. 1.0 2024-08-24T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 3.0 2024-11-01T00:00:00 Added nghttp2 to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added fluent-bit to Azure Linux 3.0 Added nghttp2 to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28182 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | fluent-bit (CBL-Mariner) nghttp2 (CBL-Mariner) nodejs (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| Azure Linux 3.0 x64 | fluent-bit (CBL-Mariner) nghttp2 (CBL-Mariner) nodejs (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| CBL Mariner 2.0 ARM | nghttp2 (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| CBL Mariner 2.0 x64 | nghttp2 (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| CVE ID | Acknowledgements |
| CVE-2024-28182 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31228 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31228 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-31228 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31449 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-16T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added redis to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31449 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | redis (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-31449 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27282 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-05-14T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added ruby to CBL-Mariner 2.0 Added ruby to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27282 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
Unknown |
| CBL Mariner 2.0 ARM | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
Unknown |
| CBL Mariner 2.0 x64 | ruby (CBL-Mariner) | Unknown | Unknown | None | Base: 6.6 Temporal: 6.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27282 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31951 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-11T00:00:00 Information published. 2.0 2024-11-05T00:00:00 Added frr to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31951 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | frr (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-31951 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-32607 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-05-14T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. 2.0 2024-11-06T00:00:00 Added hdf5 to CBL-Mariner 2.0 Added hdf5 to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-32607 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-32607 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27435 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-11T00:00:00 Information published. 2.0 2024-11-07T00:00:00 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27435 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27435 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27037 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-08T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-06-30T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27037 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27037 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-30203 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-08T00:00:00 Added emacs to CBL-Mariner 2.0 Added emacs to Azure Linux 3.0 1.0 2024-06-30T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-30203 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | emacs (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-30203 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26950 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-08T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26950 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-26950 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-45866 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added bluez to Azure Linux 3.0 Added bluez to CBL-Mariner 2.0 1.0 2023-12-21T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-45866 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 ARM | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 x64 | bluez (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-45866 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-1981 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-1981 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | avahi (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | avahi (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-1981 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50602 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50602 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | expat (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50602 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-2410 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2410 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 7.6 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 7.6 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-2410 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-28835 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28835 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-28835 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-28834 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28834 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-28834 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-48161 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added giflib to Azure Linux 3.0 Added giflib to CBL-Mariner 2.0 1.0 2024-10-16T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-48161 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-48161 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27028 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27028 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27028 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-52917 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-52917 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-52917 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26596 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26596 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-26596 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27012 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27012 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27012 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46853 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46853 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46853 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46854 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46854 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46854 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46852 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46852 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46852 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46861 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46861 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46861 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46860 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46860 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46860 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47670 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47670 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47670 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46864 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46864 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46864 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47679 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47679 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47679 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47675 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47675 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47675 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47678 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47678 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47678 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47686 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47686 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47686 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47685 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47685 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47685 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47688 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47688 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47688 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47693 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47693 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47693 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47695 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47695 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47695 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47696 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47696 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47696 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47705 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47705 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47705 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47701 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47701 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47701 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47704 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47704 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47704 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47706 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47706 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47706 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47712 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47712 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47712 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47714 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47714 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47714 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47715 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47715 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47715 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47713 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47713 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47713 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47728 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47728 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47728 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47723 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47723 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47723 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47727 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47727 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47727 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47739 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47739 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47739 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47741 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47741 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47741 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47738 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47738 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47738 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47737 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47737 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47737 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47745 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47745 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47745 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47749 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47749 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47749 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47747 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47747 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47747 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47748 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47748 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47748 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47756 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47756 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47756 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47754 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47754 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47754 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47757 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47757 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47757 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49856 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49856 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49856 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49854 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49854 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49854 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49855 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49855 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49855 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49863 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49863 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49863 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49871 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49871 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49871 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49861 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49861 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49861 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49862 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49862 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49862 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49905 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49905 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49905 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49907 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49907 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49907 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49896 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49896 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49896 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50026 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50026 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50026 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50024 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50024 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50024 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50029 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50029 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50029 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50023 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50023 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50023 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50039 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50039 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50039 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50038 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50038 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50038 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50036 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50036 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50036 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50035 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50035 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50035 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50047 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50047 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50047 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50046 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50046 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50046 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50048 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50048 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50048 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50061 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50061 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50061 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50059 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50059 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50059 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50062 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50062 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50062 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-46219 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 4.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 1.0 2023-12-12T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 2.0 2024-10-23T00:00:00 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 3.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-46219 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| CBL Mariner 2.0 ARM | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| CBL Mariner 2.0 x64 | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| CVE ID | Acknowledgements |
| CVE-2023-46219 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-1941 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-15T00:00:00 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added protobuf to CBL-Mariner 2.0 4.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added protobuf to CBL-Mariner 2.0 5.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added protobuf to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-08-18T00:00:00 Information published. 3.0 2024-10-23T00:00:00 Added mysql to CBL-Mariner 2.0 Added protobuf to CBL-Mariner 2.0 Added pytorch to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added keras to Azure Linux 3.0 Added python-tensorboard to Azure Linux 3.0 Added protobuf to Azure Linux 3.0 Added grpc to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-1941 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | grpc (CBL-Mariner) keras (CBL-Mariner) mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| Azure Linux 3.0 x64 | grpc (CBL-Mariner) keras (CBL-Mariner) mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) protobuf (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2022-1941 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-46218 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 4.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 1.0 2023-12-11T00:00:00 Information published. 2.0 2023-12-12T00:00:00 Added mysql to CBL-Mariner 2.0 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 3.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-46218 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| CBL Mariner 2.0 ARM | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| CBL Mariner 2.0 x64 | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| CVE ID | Acknowledgements |
| CVE-2023-46218 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-2004 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-05T00:00:00 Information published. 4.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 1.0 2024-08-05T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-10-01T00:00:00 Information published. 2.0 2024-10-23T00:00:00 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 3.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2004 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| CBL Mariner 2.0 ARM | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| CBL Mariner 2.0 x64 | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 3.5 Temporal: 3.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| CVE ID | Acknowledgements |
| CVE-2024-2004 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21130 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21130 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21130 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21134 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21134 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21134 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21127 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21127 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21127 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21129 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21129 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21129 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21163 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21163 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21163 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21160 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21160 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21160 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21159 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21159 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21159 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21162 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21162 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21162 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21196 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21196 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21196 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21193 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21193 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21193 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21194 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21194 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21194 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21212 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21212 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21212 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21203 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21203 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21203 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21207 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21207 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21207 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21236 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21236 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21236 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21238 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21238 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21238 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21231 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21231 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.1 Temporal: 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21231 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21237 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21237 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 2.2 Temporal: 2.2 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21237 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-42934 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-31T00:00:00 Added OpenIPMI to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added OpenIPMI to Azure Linux 3.0 Added OpenIPMI to CBL-Mariner 2.0 1.0 2024-10-16T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42934 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | OpenIPMI (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | OpenIPMI (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 ARM | OpenIPMI (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 x64 | OpenIPMI (CBL-Mariner) | Unknown | Unknown | None | Base: 5.0 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-42934 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-22365 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added pam to Azure Linux 3.0 Added pam to CBL-Mariner 2.0 1.0 2024-02-06T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-22365 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-22365 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-7264 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7264 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-7264 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-2398 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-05T00:00:00 Information published. 4.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 1.0 2024-08-05T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-10-01T00:00:00 Information published. 2.0 2024-10-23T00:00:00 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 3.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-2398 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
|
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
|
| CBL Mariner 2.0 ARM | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
|
| CBL Mariner 2.0 x64 | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 8.6 Temporal: 8.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
|
| CVE ID | Acknowledgements |
| CVE-2024-2398 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47814 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47814 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47814 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47554 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47554 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| Azure Linux 3.0 x64 | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 ARM | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 x64 | apache-commons-io (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47554 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-44952 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-10T00:00:00 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-44952 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-44952 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49894 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49894 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49894 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49954 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49954 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49954 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49965 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49965 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49965 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49976 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49976 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49976 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49986 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49986 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49986 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50006 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50006 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50006 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49867 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49867 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49867 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49901 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49901 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49901 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49967 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49967 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49967 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49977 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49977 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49977 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49988 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49988 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49988 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50008 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50008 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50008 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-28180 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-09T00:00:00 Information published. 3.0 2024-11-01T00:00:00 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 4.0 2024-11-09T00:00:00 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 1.0 2024-04-11T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-10-05T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 2.0 2024-10-16T00:00:00 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-28180 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cert-manager (CBL-Mariner) dcos-cli (CBL-Mariner) keda (CBL-Mariner) kubernetes (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
|
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) dcos-cli (CBL-Mariner) keda (CBL-Mariner) kubernetes (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
|
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) dcos-cli (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
|
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) dcos-cli (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.3 Temporal: 4.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
|
| CVE ID | Acknowledgements |
| CVE-2024-28180 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-39129 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added gdb to Azure Linux 3.0 Added gdb to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-39129 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-39129 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-39128 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added gdb to Azure Linux 3.0 Added gdb to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-39128 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-39128 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-3978 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-10-15T00:00:00 Added multus to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added cert-manager to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 4.0 2024-11-01T00:00:00 Added cni-plugins to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 1.0 2023-08-08T00:00:00 Information published. 2.0 2024-01-18T00:00:00 Added packer to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-07-10T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-3978 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cert-manager (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) prometheus-adapter (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) prometheus-adapter (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) cni-plugins (CBL-Mariner) multus (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) cni-plugins (CBL-Mariner) multus (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| CVE ID | Acknowledgements |
| CVE-2023-3978 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43829 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43829 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43829 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-42246 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-08-16T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42246 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-42246 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-42297 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-42297 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-42297 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43897 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43897 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43897 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47755 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47755 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47755 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-8926 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added php to Azure Linux 3.0 Added php to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8926 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-8926 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-8925 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added php to Azure Linux 3.0 Added php to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8925 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| Azure Linux 3.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-8925 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-9026 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added php to Azure Linux 3.0 Added php to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-9026 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| Azure Linux 3.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| CBL Mariner 2.0 ARM | php (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| CBL Mariner 2.0 x64 | php (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-9026 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-45288 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-26T00:00:00 Information published. 1.0 2024-09-28T00:00:00 Information published. 1.0 2024-09-29T00:00:00 Information published. 1.0 2024-09-30T00:00:00 Information published. 1.0 2024-10-04T00:00:00 Information published. 1.0 2024-10-05T00:00:00 Information published. 1.0 2024-10-06T00:00:00 Information published. 1.0 2024-10-07T00:00:00 Information published. 1.0 2024-10-09T00:00:00 Information published. 2.0 2024-10-15T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 4.0 2024-10-17T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.0 2024-10-20T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.0 2024-10-21T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.0 2024-10-23T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.0 2024-10-24T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 15.0 2024-10-28T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 16.0 2024-10-29T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 17.0 2024-10-30T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 18.0 2024-10-31T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 19.0 2024-11-01T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 21.0 2024-11-04T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 22.0 2024-11-05T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 23.0 2024-11-06T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 25.0 2024-11-08T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 26.0 2024-11-09T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 27.0 2024-11-10T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 28.0 2024-11-11T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 1.0 2024-04-20T00:00:00 Information published. 1.0 2024-04-08T00:00:00 Information published. 1.0 2024-07-02T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-07-12T00:00:00 Information published. 1.0 2024-08-07T00:00:00 Information published. 1.0 2024-08-08T00:00:00 Information published. 1.0 2024-08-09T00:00:00 Information published. 1.0 2024-08-10T00:00:00 Information published. 1.0 2024-08-11T00:00:00 Information published. 1.0 2024-08-12T00:00:00 Information published. 1.0 2024-08-15T00:00:00 Information published. 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-08-17T00:00:00 Information published. 1.0 2024-08-18T00:00:00 Information published. 1.0 2024-08-19T00:00:00 Information published. 1.0 2024-08-20T00:00:00 Information published. 1.0 2024-08-21T00:00:00 Information published. 1.0 2024-08-22T00:00:00 Information published. 1.0 2024-08-23T00:00:00 Information published. 1.0 2024-08-24T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-09-14T00:00:00 Information published. 1.0 2024-09-15T00:00:00 Information published. 1.0 2024-09-16T00:00:00 Information published. 1.0 2024-09-17T00:00:00 Information published. 1.0 2024-09-18T00:00:00 Information published. 1.0 2024-09-19T00:00:00 Information published. 1.0 2024-09-20T00:00:00 Information published. 1.0 2024-09-21T00:00:00 Information published. 1.0 2024-09-22T00:00:00 Information published. 1.0 2024-09-23T00:00:00 Information published. 1.0 2024-09-24T00:00:00 Information published. 1.0 2024-09-25T00:00:00 Information published. 1.0 2024-09-27T00:00:00 Information published. 1.0 2024-10-01T00:00:00 Information published. 1.0 2024-10-02T00:00:00 Information published. 1.0 2024-10-03T00:00:00 Information published. 1.0 2024-10-10T00:00:00 Information published. 1.0 2024-10-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 1.0 2024-10-13T00:00:00 Information published. 1.0 2024-10-14T00:00:00 Information published. 3.0 2024-10-16T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 5.0 2024-10-18T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 6.0 2024-10-19T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.0 2024-10-22T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.0 2024-10-25T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.0 2024-10-26T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.0 2024-10-27T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 20.0 2024-11-02T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 24.0 2024-11-07T00:00:00 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 29.0 2024-11-12T00:00:00 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-45288 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| Azure Linux 3.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2023-45288 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-39130 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added gdb to Azure Linux 3.0 Added gdb to CBL-Mariner 2.0 1.0 2024-11-01T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-39130 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | gdb (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-39130 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-8096 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 4.0 2024-11-09T00:00:00 Added curl to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-01T00:00:00 Information published. 2.0 2024-10-23T00:00:00 Added mysql to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 3.0 2024-11-01T00:00:00 Added curl to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8096 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cmake (CBL-Mariner) curl (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| Azure Linux 3.0 x64 | cmake (CBL-Mariner) curl (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| CBL Mariner 2.0 ARM | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| CBL Mariner 2.0 x64 | curl (CBL-Mariner) mysql (CBL-Mariner) |
Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| CVE ID | Acknowledgements |
| CVE-2024-8096 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-6104 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-26T00:00:00 Information published. 1.0 2024-09-27T00:00:00 Information published. 1.0 2024-09-28T00:00:00 Information published. 1.0 2024-09-29T00:00:00 Information published. 1.0 2024-09-30T00:00:00 Information published. 1.0 2024-10-03T00:00:00 Information published. 1.0 2024-10-05T00:00:00 Information published. 1.0 2024-10-06T00:00:00 Information published. 2.0 2024-10-15T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 4.0 2024-10-17T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 6.0 2024-10-19T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.0 2024-10-20T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.0 2024-10-22T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.0 2024-10-24T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.0 2024-10-26T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 15.0 2024-10-28T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 16.0 2024-10-29T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 17.0 2024-10-30T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 21.0 2024-11-04T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 23.0 2024-11-06T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 25.0 2024-11-08T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 26.0 2024-11-09T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 27.0 2024-11-10T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 28.0 2024-11-11T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 1.0 2024-08-05T00:00:00 Information published. 1.0 2024-08-15T00:00:00 Information published. 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-08-17T00:00:00 Information published. 1.0 2024-08-18T00:00:00 Information published. 1.0 2024-08-19T00:00:00 Information published. 1.0 2024-08-20T00:00:00 Information published. 1.0 2024-08-21T00:00:00 Information published. 1.0 2024-08-22T00:00:00 Information published. 1.0 2024-08-23T00:00:00 Information published. 1.0 2024-08-24T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-09-14T00:00:00 Information published. 1.0 2024-09-15T00:00:00 Information published. 1.0 2024-09-16T00:00:00 Information published. 1.0 2024-09-17T00:00:00 Information published. 1.0 2024-09-18T00:00:00 Information published. 1.0 2024-09-19T00:00:00 Information published. 1.0 2024-09-20T00:00:00 Information published. 1.0 2024-09-21T00:00:00 Information published. 1.0 2024-09-22T00:00:00 Information published. 1.0 2024-09-23T00:00:00 Information published. 1.0 2024-09-24T00:00:00 Information published. 1.0 2024-09-25T00:00:00 Information published. 1.0 2024-10-01T00:00:00 Information published. 1.0 2024-10-02T00:00:00 Information published. 1.0 2024-10-04T00:00:00 Information published. 1.0 2024-10-07T00:00:00 Information published. 1.0 2024-10-08T00:00:00 Information published. 1.0 2024-10-09T00:00:00 Information published. 1.0 2024-10-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 1.0 2024-10-13T00:00:00 Information published. 1.0 2024-10-14T00:00:00 Information published. 3.0 2024-10-16T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 5.0 2024-10-18T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.0 2024-10-21T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.0 2024-10-23T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.0 2024-10-25T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.0 2024-10-27T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 18.0 2024-10-31T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 19.0 2024-11-01T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 20.0 2024-11-02T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 22.0 2024-11-05T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 24.0 2024-11-07T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 29.0 2024-11-12T00:00:00 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-6104 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | libcontainers-common (CBL-Mariner) cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) libcontainers-common (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| CVE ID | Acknowledgements |
| CVE-2024-6104 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-5981 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-01T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-5981 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CBL Mariner 2.0 x64 | gnutls (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-5981 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-38577 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-38577 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-38577 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43884 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-15T00:00:00 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. 3.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43884 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43884 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43892 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-12T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43892 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43892 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43905 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-12T00:00:00 Information published. 2.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43905 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43905 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-44946 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-15T00:00:00 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. 3.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-44946 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-44946 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-44974 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-15T00:00:00 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 1.0 2024-10-12T00:00:00 Information published. 3.0 2024-11-01T00:00:00 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-44974 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-44974 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2007-4559 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-26T00:00:00 Information published. 1.0 2024-09-29T00:00:00 Information published. 1.0 2024-10-02T00:00:00 Information published. 1.0 2024-10-07T00:00:00 Information published. 1.0 2024-10-09T00:00:00 Information published. 3.0 2024-10-15T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 5.0 2024-10-17T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 8.0 2024-10-20T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 10.0 2024-10-22T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.0 2024-10-24T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.0 2024-10-25T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.0 2024-10-26T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.0 2024-10-28T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.0 2024-10-30T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 22.0 2024-11-04T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 23.0 2024-11-05T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 24.0 2024-11-06T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 26.0 2024-11-08T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 27.0 2024-11-09T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 28.0 2024-11-10T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 29.0 2024-11-11T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 1.0 2020-09-25T00:00:00 Information published. 2.0 2021-12-16T00:00:00 Added python3 to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-07-08T00:00:00 Information published. 1.0 2024-07-09T00:00:00 Information published. 1.0 2024-07-10T00:00:00 Information published. 1.0 2024-07-12T00:00:00 Information published. 1.0 2024-07-13T00:00:00 Information published. 1.0 2024-07-14T00:00:00 Information published. 1.0 2024-07-15T00:00:00 Information published. 1.0 2024-07-16T00:00:00 Information published. 1.0 2024-07-17T00:00:00 Information published. 1.0 2024-07-19T00:00:00 Information published. 1.0 2024-07-20T00:00:00 Information published. 1.0 2024-07-21T00:00:00 Information published. 1.0 2024-07-22T00:00:00 Information published. 1.0 2024-07-23T00:00:00 Information published. 1.0 2024-07-24T00:00:00 Information published. 1.0 2024-07-25T00:00:00 Information published. 1.0 2024-07-26T00:00:00 Information published. 1.0 2024-07-27T00:00:00 Information published. 1.0 2024-07-28T00:00:00 Information published. 1.0 2024-07-29T00:00:00 Information published. 1.0 2024-08-02T00:00:00 Information published. 1.0 2024-08-03T00:00:00 Information published. 1.0 2024-08-04T00:00:00 Information published. 1.0 2024-08-05T00:00:00 Information published. 1.0 2024-08-06T00:00:00 Information published. 1.0 2024-08-07T00:00:00 Information published. 1.0 2024-08-08T00:00:00 Information published. 1.0 2024-08-09T00:00:00 Information published. 1.0 2024-08-10T00:00:00 Information published. 1.0 2024-08-11T00:00:00 Information published. 1.0 2024-08-12T00:00:00 Information published. 1.0 2024-08-15T00:00:00 Information published. 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-08-17T00:00:00 Information published. 1.0 2024-08-18T00:00:00 Information published. 1.0 2024-08-19T00:00:00 Information published. 1.0 2024-08-20T00:00:00 Information published. 1.0 2024-08-21T00:00:00 Information published. 1.0 2024-08-22T00:00:00 Information published. 1.0 2024-08-23T00:00:00 Information published. 1.0 2024-08-24T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-12T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-09-14T00:00:00 Information published. 1.0 2024-09-15T00:00:00 Information published. 1.0 2024-09-16T00:00:00 Information published. 1.0 2024-09-17T00:00:00 Information published. 1.0 2024-09-18T00:00:00 Information published. 1.0 2024-09-19T00:00:00 Information published. 1.0 2024-09-20T00:00:00 Information published. 1.0 2024-09-21T00:00:00 Information published. 1.0 2024-09-22T00:00:00 Information published. 1.0 2024-09-23T00:00:00 Information published. 1.0 2024-09-24T00:00:00 Information published. 1.0 2024-09-25T00:00:00 Information published. 1.0 2024-09-27T00:00:00 Information published. 1.0 2024-09-28T00:00:00 Information published. 1.0 2024-09-30T00:00:00 Information published. 1.0 2024-10-01T00:00:00 Information published. 1.0 2024-10-03T00:00:00 Information published. 1.0 2024-10-04T00:00:00 Information published. 1.0 2024-10-05T00:00:00 Information published. 1.0 2024-10-06T00:00:00 Information published. 1.0 2024-10-08T00:00:00 Information published. 1.0 2024-10-10T00:00:00 Information published. 1.0 2024-10-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 1.0 2024-10-13T00:00:00 Information published. 1.0 2024-10-14T00:00:00 Information published. 4.0 2024-10-16T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 6.0 2024-10-18T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 7.0 2024-10-19T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 9.0 2024-10-21T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.0 2024-10-23T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.0 2024-10-27T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.0 2024-10-29T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 19.0 2024-10-31T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 20.0 2024-11-01T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 21.0 2024-11-02T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 25.0 2024-11-07T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 30.0 2024-11-12T00:00:00 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2007-4559 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2007-4559 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27058 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-06-30T07:00:00 Information published. 2.0 2024-11-01T00:00:00 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27058 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27058 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-27840 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-15T00:00:00 Information published. 3.0 2024-10-17T00:00:00 Added samba to Azure Linux 3.0 5.0 2024-10-19T00:00:00 Added samba to Azure Linux 3.0 6.0 2024-10-20T00:00:00 Added samba to Azure Linux 3.0 7.0 2024-10-21T00:00:00 Added samba to Azure Linux 3.0 8.0 2024-10-22T00:00:00 Added samba to Azure Linux 3.0 9.0 2024-10-23T00:00:00 Added samba to Azure Linux 3.0 10.0 2024-10-24T00:00:00 Added samba to Azure Linux 3.0 12.0 2024-10-26T00:00:00 Added samba to Azure Linux 3.0 13.0 2024-10-27T00:00:00 Added samba to Azure Linux 3.0 14.0 2024-10-28T00:00:00 Added samba to Azure Linux 3.0 16.0 2024-10-30T00:00:00 Added samba to Azure Linux 3.0 17.0 2024-10-31T00:00:00 Added samba to Azure Linux 3.0 20.0 2024-11-04T00:00:00 Added samba to Azure Linux 3.0 21.0 2024-11-05T00:00:00 Added samba to Azure Linux 3.0 23.0 2024-11-07T00:00:00 Added samba to Azure Linux 3.0 24.0 2024-11-08T00:00:00 Added samba to Azure Linux 3.0 25.0 2024-11-09T00:00:00 Added samba to Azure Linux 3.0 26.0 2024-11-10T00:00:00 Added samba to Azure Linux 3.0 28.0 2024-11-12T00:00:00 Added samba to Azure Linux 3.0 2.0 2024-10-16T00:00:00 Added samba to Azure Linux 3.0 4.0 2024-10-18T00:00:00 Added samba to Azure Linux 3.0 11.0 2024-10-25T00:00:00 Added samba to Azure Linux 3.0 15.0 2024-10-29T00:00:00 Added samba to Azure Linux 3.0 18.0 2024-11-01T00:00:00 Added samba to Azure Linux 3.0 19.0 2024-11-02T00:00:00 Added samba to Azure Linux 3.0 22.0 2024-11-06T00:00:00 Added samba to Azure Linux 3.0 27.0 2024-11-11T00:00:00 Added samba to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27840 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2020-27840 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-32746 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-15T00:00:00 Information published. 3.0 2024-10-17T00:00:00 Added samba to Azure Linux 3.0 5.0 2024-10-19T00:00:00 Added samba to Azure Linux 3.0 6.0 2024-10-20T00:00:00 Added samba to Azure Linux 3.0 7.0 2024-10-21T00:00:00 Added samba to Azure Linux 3.0 8.0 2024-10-22T00:00:00 Added samba to Azure Linux 3.0 9.0 2024-10-23T00:00:00 Added samba to Azure Linux 3.0 10.0 2024-10-24T00:00:00 Added samba to Azure Linux 3.0 11.0 2024-10-25T00:00:00 Added samba to Azure Linux 3.0 12.0 2024-10-26T00:00:00 Added samba to Azure Linux 3.0 14.0 2024-10-28T00:00:00 Added samba to Azure Linux 3.0 16.0 2024-10-30T00:00:00 Added samba to Azure Linux 3.0 20.0 2024-11-04T00:00:00 Added samba to Azure Linux 3.0 24.0 2024-11-08T00:00:00 Added samba to Azure Linux 3.0 25.0 2024-11-09T00:00:00 Added samba to Azure Linux 3.0 26.0 2024-11-10T00:00:00 Added samba to Azure Linux 3.0 2.0 2024-10-16T00:00:00 Added samba to Azure Linux 3.0 4.0 2024-10-18T00:00:00 Added samba to Azure Linux 3.0 13.0 2024-10-27T00:00:00 Added samba to Azure Linux 3.0 15.0 2024-10-29T00:00:00 Added samba to Azure Linux 3.0 17.0 2024-10-31T00:00:00 Added samba to Azure Linux 3.0 18.0 2024-11-01T00:00:00 Added samba to Azure Linux 3.0 19.0 2024-11-02T00:00:00 Added samba to Azure Linux 3.0 21.0 2024-11-05T00:00:00 Added samba to Azure Linux 3.0 22.0 2024-11-06T00:00:00 Added samba to Azure Linux 3.0 23.0 2024-11-07T00:00:00 Added samba to Azure Linux 3.0 27.0 2024-11-11T00:00:00 Added samba to Azure Linux 3.0 28.0 2024-11-12T00:00:00 Added samba to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-32746 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2022-32746 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-20277 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-15T00:00:00 Information published. 5.0 2024-10-19T00:00:00 Added samba to Azure Linux 3.0 6.0 2024-10-20T00:00:00 Added samba to Azure Linux 3.0 7.0 2024-10-21T00:00:00 Added samba to Azure Linux 3.0 8.0 2024-10-22T00:00:00 Added samba to Azure Linux 3.0 10.0 2024-10-24T00:00:00 Added samba to Azure Linux 3.0 12.0 2024-10-26T00:00:00 Added samba to Azure Linux 3.0 14.0 2024-10-28T00:00:00 Added samba to Azure Linux 3.0 15.0 2024-10-29T00:00:00 Added samba to Azure Linux 3.0 16.0 2024-10-30T00:00:00 Added samba to Azure Linux 3.0 17.0 2024-10-31T00:00:00 Added samba to Azure Linux 3.0 20.0 2024-11-04T00:00:00 Added samba to Azure Linux 3.0 21.0 2024-11-05T00:00:00 Added samba to Azure Linux 3.0 22.0 2024-11-06T00:00:00 Added samba to Azure Linux 3.0 23.0 2024-11-07T00:00:00 Added samba to Azure Linux 3.0 24.0 2024-11-08T00:00:00 Added samba to Azure Linux 3.0 25.0 2024-11-09T00:00:00 Added samba to Azure Linux 3.0 26.0 2024-11-10T00:00:00 Added samba to Azure Linux 3.0 2.0 2024-10-16T00:00:00 Added samba to Azure Linux 3.0 3.0 2024-10-17T00:00:00 Added samba to Azure Linux 3.0 4.0 2024-10-18T00:00:00 Added samba to Azure Linux 3.0 9.0 2024-10-23T00:00:00 Added samba to Azure Linux 3.0 11.0 2024-10-25T00:00:00 Added samba to Azure Linux 3.0 13.0 2024-10-27T00:00:00 Added samba to Azure Linux 3.0 18.0 2024-11-01T00:00:00 Added samba to Azure Linux 3.0 19.0 2024-11-02T00:00:00 Added samba to Azure Linux 3.0 27.0 2024-11-11T00:00:00 Added samba to Azure Linux 3.0 28.0 2024-11-12T00:00:00 Added samba to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-20277 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-20277 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-1393 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-26T00:00:00 Information published. 1.0 2024-09-27T00:00:00 Information published. 1.0 2024-09-30T00:00:00 Information published. 1.0 2024-10-04T00:00:00 Information published. 1.0 2024-10-06T00:00:00 Information published. 1.0 2024-10-07T00:00:00 Information published. 1.0 2024-10-09T00:00:00 Information published. 2.0 2024-10-15T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.0 2024-10-19T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.0 2024-10-20T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.0 2024-10-21T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.0 2024-10-23T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.0 2024-10-24T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 13.0 2024-10-26T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 15.0 2024-10-28T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 17.0 2024-10-30T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 18.0 2024-10-31T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 21.0 2024-11-04T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 23.0 2024-11-06T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 25.0 2024-11-08T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 26.0 2024-11-09T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 27.0 2024-11-10T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 29.0 2024-11-12T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 1.0 2023-04-03T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 1.0 2024-09-12T00:00:00 Information published. 1.0 2024-09-13T00:00:00 Information published. 1.0 2024-09-14T00:00:00 Information published. 1.0 2024-09-15T00:00:00 Information published. 1.0 2024-09-16T00:00:00 Information published. 1.0 2024-09-17T00:00:00 Information published. 1.0 2024-09-18T00:00:00 Information published. 1.0 2024-09-19T00:00:00 Information published. 1.0 2024-09-20T00:00:00 Information published. 1.0 2024-09-21T00:00:00 Information published. 1.0 2024-09-22T00:00:00 Information published. 1.0 2024-09-23T00:00:00 Information published. 1.0 2024-09-24T00:00:00 Information published. 1.0 2024-09-25T00:00:00 Information published. 1.0 2024-09-28T00:00:00 Information published. 1.0 2024-09-29T00:00:00 Information published. 1.0 2024-10-01T00:00:00 Information published. 1.0 2024-10-02T00:00:00 Information published. 1.0 2024-10-03T00:00:00 Information published. 1.0 2024-10-05T00:00:00 Information published. 1.0 2024-10-10T00:00:00 Information published. 1.0 2024-10-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. 1.0 2024-10-13T00:00:00 Information published. 1.0 2024-10-14T00:00:00 Information published. 3.0 2024-10-16T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 4.0 2024-10-17T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.0 2024-10-18T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.0 2024-10-22T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.0 2024-10-25T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 14.0 2024-10-27T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 16.0 2024-10-29T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 19.0 2024-11-01T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 20.0 2024-11-02T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 22.0 2024-11-05T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 24.0 2024-11-07T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 28.0 2024-11-11T00:00:00 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-1393 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-1393 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-26940 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-05T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-26940 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-26940 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27393 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-09-11T00:00:00 Information published. 2.0 2024-11-05T00:00:00 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27393 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27393 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-38709 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-06T00:00:00 Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0 1.0 2024-04-08T00:00:00 Information published. 1.0 2024-08-15T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-38709 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 ARM | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 x64 | httpd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-38709 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27005 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-06T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27005 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 6.3 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27005 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-33875 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-06T00:00:00 Added hdf5 to CBL-Mariner 2.0 Added hdf5 to Azure Linux 3.0 1.0 2024-05-14T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-33875 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| Azure Linux 3.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CBL Mariner 2.0 ARM | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CBL Mariner 2.0 x64 | hdf5 (CBL-Mariner) | Unknown | Unknown | None | Base: 5.7 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-33875 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20505 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20505 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | clamav (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | clamav (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-20505 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20506 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20506 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | clamav (CBL-Mariner) | Unknown | Unknown | None | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| Azure Linux 3.0 x64 | clamav (CBL-Mariner) | Unknown | Unknown | None | Base: 6.1 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-20506 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2022-28506 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added giflib to Azure Linux 3.0 Added giflib to CBL-Mariner 2.0 1.0 2024-10-16T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2022-28506 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Unknown |
| CBL Mariner 2.0 ARM | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Unknown |
| CBL Mariner 2.0 x64 | giflib (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2022-28506 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27397 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-08T00:00:00 Information published. 1.0 2024-10-09T00:00:00 Information published. 2.0 2024-11-09T00:00:00 Added hyperv-daemons to Azure Linux 3.0 Added hyperv-daemons to CBL-Mariner 2.0 1.0 2024-05-14T00:00:00 Information published. 1.0 2024-10-05T00:00:00 Information published. 1.0 2024-10-06T00:00:00 Information published. 1.0 2024-10-07T00:00:00 Information published. 1.0 2024-10-10T00:00:00 Information published. 1.0 2024-10-11T00:00:00 Information published. 1.0 2024-10-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27397 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27397 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27436 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27436 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27436 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35857 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-08-15T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35857 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-35857 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-35823 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added hyperv-daemons to Azure Linux 3.0 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-35823 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-35823 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-27017 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-27017 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-27017 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-36478 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-36478 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-36478 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46849 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46849 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46849 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46710 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46710 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46710 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46857 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46857 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46857 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46855 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46855 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46855 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46858 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46858 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46858 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-46859 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-46859 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-46859 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47672 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47672 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47672 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47671 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47671 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47671 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47674 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47674 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47674 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47673 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47673 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47673 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47682 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47682 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47682 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47681 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47681 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47681 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47683 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47683 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47683 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47684 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47684 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47684 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47689 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47689 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47689 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47690 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47690 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47690 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47692 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47692 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47692 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47691 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47691 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47691 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47697 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47697 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47697 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47698 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47698 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47698 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47699 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47699 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47699 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47700 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47700 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47700 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47707 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47707 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47707 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47709 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47709 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47709 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47710 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47710 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47710 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47716 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47716 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47716 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47718 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47718 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47718 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47719 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47719 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47719 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47720 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47720 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47720 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47730 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47730 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47730 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47731 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47731 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47731 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47734 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47734 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47734 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47735 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47735 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47735 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47743 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47743 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47743 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47742 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47742 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47742 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47744 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47744 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47744 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47750 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47750 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47750 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47751 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47751 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47751 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47752 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47752 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47752 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-47753 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-47753 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-47753 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49851 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49851 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49851 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49850 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49850 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49850 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49853 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49853 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49853 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49852 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49852 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49852 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49858 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49858 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49858 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49859 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49859 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49859 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49860 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49860 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49860 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49875 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49875 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49875 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49874 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49874 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49874 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49877 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49877 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49877 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49879 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49879 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49879 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49913 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49913 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49913 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49912 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49912 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49912 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50019 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50019 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50019 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50022 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50022 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50022 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50031 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50031 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50031 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50032 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50032 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50032 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50033 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50033 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50033 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50041 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50041 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50041 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50040 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50040 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50040 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50045 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50045 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50045 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50044 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50044 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50044 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50055 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50055 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50055 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50049 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50049 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50049 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50057 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50057 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 3.3 Temporal: 3.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50057 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50058 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50058 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50058 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50064 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50064 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50064 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-48795 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-08-16T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added kubevirt to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added moby-compose to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added erlang to CBL-Mariner 2.0 Added libssh2 to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added openssh to CBL-Mariner 2.0 Added libssh to CBL-Mariner 2.0 1.0 2023-12-25T00:00:00 Information published. 2.0 2023-12-27T00:00:00 Added moby-cli to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-48795 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | cert-manager (CBL-Mariner) docker-buildx (CBL-Mariner) kubernetes (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) docker-buildx (CBL-Mariner) kubernetes (CBL-Mariner) kubevirt (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) erlang (CBL-Mariner) kubernetes (CBL-Mariner) libssh (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) erlang (CBL-Mariner) kubernetes (CBL-Mariner) libssh (CBL-Mariner) |
Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| CVE ID | Acknowledgements |
| CVE-2023-48795 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-7256 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-7256 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | libpcap (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2023-7256 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-31852 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added libcxx to Azure Linux 3.0 Added rust to Azure Linux 3.0 Added llvm to Azure Linux 3.0 Added rust to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-08-18T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-31852 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | libcxx (CBL-Mariner) llvm (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
|
| Azure Linux 3.0 x64 | libcxx (CBL-Mariner) llvm (CBL-Mariner) rust (CBL-Mariner) |
Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
|
| CBL Mariner 2.0 ARM | rust (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CBL Mariner 2.0 x64 | rust (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-31852 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-20996 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-20996 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-20996 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21096 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21096 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21096 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21125 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21125 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21125 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21135 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21135 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21135 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21142 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21142 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21142 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21157 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21157 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21157 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21166 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21166 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21166 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21165 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21165 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21165 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21171 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21171 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21171 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21173 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21173 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21173 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21198 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21198 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21198 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21197 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21197 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21197 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21201 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21201 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21201 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21199 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21199 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21199 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21213 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21213 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.2 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21213 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21218 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21218 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21218 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21219 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21219 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21219 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21230 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21230 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21230 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21241 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21241 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21241 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21239 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-10-23T00:00:00 Information published. 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21239 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 4.9 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21239 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-21247 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-25T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 3.0 2024-11-09T00:00:00 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 1.0 2024-10-23T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-21247 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
Unknown |
| Azure Linux 3.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
Unknown |
| CBL Mariner 2.0 ARM | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
Unknown |
| CBL Mariner 2.0 x64 | mysql (CBL-Mariner) | Unknown | Unknown | None | Base: 3.8 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-21247 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43167 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added unbound to Azure Linux 3.0 Added unbound to CBL-Mariner 2.0 1.0 2024-10-10T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43167 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 2.8 Temporal: 2.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 2.8 Temporal: 2.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 ARM | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 2.8 Temporal: 2.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 x64 | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 2.8 Temporal: 2.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43167 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-25629 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-10-22T00:00:00 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added fluent-bit to Azure Linux 3.0 Added c-ares to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 3.0 2024-11-09T00:00:00 Added python-gevent to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added c-ares to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 1.0 2024-02-26T00:00:00 Information published. 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-25629 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | c-ares (CBL-Mariner) fluent-bit (CBL-Mariner) nodejs (CBL-Mariner) python-gevent (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
|
| Azure Linux 3.0 x64 | c-ares (CBL-Mariner) fluent-bit (CBL-Mariner) nodejs (CBL-Mariner) python-gevent (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 ARM | fluent-bit (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | fluent-bit (CBL-Mariner) nodejs18 (CBL-Mariner) |
Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2024-25629 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-43790 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-09T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-43790 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
Unknown |
| Azure Linux 3.0 x64 | vim (CBL-Mariner) | Unknown | Unknown | None | Base: 4.5 Temporal: 4.5 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-43790 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-8508 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 2.0 2024-11-09T00:00:00 Added unbound to Azure Linux 3.0 Added unbound to CBL-Mariner 2.0 1.0 2024-10-10T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-8508 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| Azure Linux 3.0 x64 | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 ARM | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CBL Mariner 2.0 x64 | unbound (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-8508 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49882 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49882 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49882 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49892 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49892 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49892 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49881 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49881 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49881 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49900 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49900 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.1 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49900 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49895 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49895 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49895 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49903 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49903 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49903 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49924 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49924 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49924 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49930 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49930 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49930 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49953 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49953 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49953 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49958 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49958 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49958 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49955 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49955 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49955 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49957 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49957 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49957 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49962 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49962 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49962 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49960 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49960 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49960 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49963 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49963 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49963 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49966 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49966 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49966 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49975 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49975 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49975 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49978 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49978 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49978 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49981 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49981 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.0 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49981 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49983 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49983 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49983 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49992 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49992 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49992 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49989 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49989 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49989 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49987 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49987 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49987 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50000 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50000 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50000 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49995 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49995 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49995 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50005 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50005 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50005 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50002 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50002 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50002 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50012 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50012 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50012 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50007 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50007 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50007 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49761 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49761 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| CBL Mariner 2.0 ARM | ruby (CBL-Mariner) rubygem-rexml (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | ruby (CBL-Mariner) rubygem-rexml (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2024-49761 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50013 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50013 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50013 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50093 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50093 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50093 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2023-39325 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2023-10-23T00:00:00 Information published. 2.0 2023-10-28T00:00:00 Added coredns to CBL-Mariner 2.0 2.0 2023-10-24T00:00:00 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 4.0 2024-01-18T00:00:00 Added packer to CBL-Mariner 2.0 5.0 2024-04-20T00:00:00 Added git-lfs to CBL-Mariner 2.0 5.0 2024-02-02T00:00:00 Added kata-containers-cc to CBL-Mariner 2.0 6.0 2024-03-07T00:00:00 Added kata-containers to CBL-Mariner 2.0 1.0 2024-06-30T07:00:00 Information published. 1.0 2024-07-12T00:00:00 Information published. 1.0 2024-08-15T00:00:00 Information published. 1.0 2024-08-16T00:00:00 Information published. 1.0 2024-08-17T00:00:00 Information published. 1.0 2024-08-18T00:00:00 Information published. 1.0 2024-08-19T00:00:00 Information published. 1.0 2024-08-20T00:00:00 Information published. 1.0 2024-08-21T00:00:00 Information published. 1.0 2024-08-22T00:00:00 Information published. 1.0 2024-08-23T00:00:00 Information published. 1.0 2024-08-24T00:00:00 Information published. 1.0 2024-08-25T00:00:00 Information published. 1.0 2024-08-26T00:00:00 Information published. 1.0 2024-08-27T00:00:00 Information published. 1.0 2024-08-28T00:00:00 Information published. 1.0 2024-08-29T00:00:00 Information published. 1.0 2024-08-30T00:00:00 Information published. 1.0 2024-08-31T00:00:00 Information published. 1.0 2024-09-01T00:00:00 Information published. 1.0 2024-09-02T00:00:00 Information published. 1.0 2024-09-03T00:00:00 Information published. 1.0 2024-09-05T00:00:00 Information published. 1.0 2024-09-06T00:00:00 Information published. 1.0 2024-09-07T00:00:00 Information published. 1.0 2024-09-08T00:00:00 Information published. 1.0 2024-09-11T00:00:00 Information published. 7.0 2024-11-12T00:00:00 Added prometheus to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added etcd to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2023-39325 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cf-cli (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| Azure Linux 3.0 x64 | blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) cf-cli (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 ARM | blobfuse2 (CBL-Mariner) coredns (CBL-Mariner) cri-tools (CBL-Mariner) etcd (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CBL Mariner 2.0 x64 | blobfuse2 (CBL-Mariner) coredns (CBL-Mariner) cri-tools (CBL-Mariner) etcd (CBL-Mariner) |
Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| CVE ID | Acknowledgements |
| CVE-2023-39325 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49870 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49870 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49870 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49868 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49868 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49868 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49884 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49884 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49884 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49890 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49890 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49890 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49883 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49883 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49883 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49889 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49889 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49889 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49929 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49929 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49929 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49931 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49931 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49931 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49959 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49959 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49959 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49961 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49961 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49961 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49936 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49936 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49936 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49950 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49950 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49950 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49969 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49969 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49969 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49973 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49973 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49973 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49985 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49985 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49985 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49980 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49980 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49980 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49982 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49982 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49982 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49996 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49996 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49996 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49993 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49993 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49993 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49991 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49991 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49991 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50001 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50001 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50001 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50003 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50003 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50003 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-49997 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-49997 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-49997 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50015 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50015 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50015 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2024-50016 MITRE NVD |
CVE Title: Unknown
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2024-11-12T00:00:00 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50016 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Unknown |
| CVE ID | Acknowledgements |
| CVE-2024-50016 | None |