Microsoft Security
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability 21 Mei 2026 om 16:00

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

21 Mei 2026 om 16:00

Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.

Microsoft Security
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node 21 Mei 2026 om 10:39

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node

Microsoft Security

21 Mei 2026 om 10:39

Information published.

Microsoft Security
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame 21 Mei 2026 om 10:03

CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Microsoft Security

21 Mei 2026 om 10:03

Information published.

Microsoft Security
CVE-2026-45736 ws: Uninitialized memory disclosure 21 Mei 2026 om 10:03

CVE-2026-45736 ws: Uninitialized memory disclosure

Microsoft Security

21 Mei 2026 om 10:03

Information published.

Microsoft Security
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection 21 Mei 2026 om 10:03

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

Microsoft Security

21 Mei 2026 om 10:03

Information published.

Microsoft Security
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service 21 Mei 2026 om 10:03

CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service

Microsoft Security

21 Mei 2026 om 10:03

Information published.

Microsoft Security
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options 21 Mei 2026 om 10:03

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

Microsoft Security

21 Mei 2026 om 10:03

Information published.

Microsoft Security
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations 21 Mei 2026 om 10:02

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-40622 Another 'ghost domain names' attack variant 21 Mei 2026 om 10:02

CVE-2026-40622 Another 'ghost domain names' attack variant

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-42534 Jostle logic bypass degrades resolution performance 21 Mei 2026 om 10:02

CVE-2026-42534 Jostle logic bypass degrades resolution performance

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-41292 Long list of incoming EDNS options degrades performance 21 Mei 2026 om 10:02

CVE-2026-41292 Long list of incoming EDNS options degrades performance

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation 21 Mei 2026 om 10:02

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-44608 Use after free and crash under special conditions in RPZ code 21 Mei 2026 om 10:02

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-42959 Crash during DNSSEC validation of malicious content 21 Mei 2026 om 10:02

CVE-2026-42959 Crash during DNSSEC validation of malicious content

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section 21 Mei 2026 om 10:02

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-32792 Packet of death with DNSCrypt 21 Mei 2026 om 10:02

CVE-2026-32792 Packet of death with DNSCrypt

Microsoft Security

21 Mei 2026 om 10:02

Information published.

Microsoft Security
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write 21 Mei 2026 om 10:02

CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

Microsoft Security

21 Mei 2026 om 10:01

Information published.

Microsoft Security
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic 21 Mei 2026 om 10:01

CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic

Microsoft Security

21 Mei 2026 om 10:01

Information published.

Microsoft Security
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy 21 Mei 2026 om 10:01

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

Microsoft Security

21 Mei 2026 om 10:01

Information published.

Microsoft Security
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution 21 Mei 2026 om 10:01

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Microsoft Security

21 Mei 2026 om 10:01

Information published.

Microsoft Security
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files() 21 Mei 2026 om 10:01

CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()

Microsoft Security

21 Mei 2026 om 10:01

Information published.

Microsoft Security
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure 21 Mei 2026 om 10:01

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Microsoft Security

21 Mei 2026 om 10:01

Information published.

Microsoft Security
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls 21 Mei 2026 om 10:01

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

Microsoft Security

21 Mei 2026 om 10:01

Information published.

Microsoft Security
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability 20 Mei 2026 om 16:00

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability

Microsoft Security

20 Mei 2026 om 16:00

The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers should continue to install the recommended updates to remain protected from this vulnerability.