MSRC Reports
Microsoft Security Response Center Reports (Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2022-32207 When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32207
CVE-2025-71074 functionfs: fix the open/removal races

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71074
CVE-2025-71081 ASoC: stm32: sai: fix OF node leak on probe

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71081
CVE-2025-71064 net: hns3: using the num_tqps in the vf driver to apply for resources

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71064
CVE-2025-68817 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68817
CVE-2025-68819 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68819
CVE-2025-71067 ntfs: set dummy blocksize to read boot_block when mounting

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71067
CVE-2025-71066 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71066
CVE-2025-68808 media: vidtv: initialize local pointers upon transfer of memory ownership

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68808
CVE-2025-68781 usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68781
CVE-2025-68823 ublk: fix deadlock when reading partition table

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68823
CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22702
CVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensions

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21860
CVE-2025-14819 OpenSSL partial chain store policy bypass

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14819
CVE-2025-15079 libssh global known_hosts override

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15079
CVE-2025-14524 bearer token leak on cross-protocol redirect

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14524
CVE-2025-15224 libssh key passphrase bypass without agent set

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15224
CVE-2025-14017 broken TLS options for threaded LDAPS

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14017
CVE-2025-13034 No QUIC certificate pinning with GnuTLS

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13034
CVE-2025-68766 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68766
CVE-2025-68753 ALSA: firewire-motu: add bounds check in put_user loop for DSP events

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68753