CVE-2025-21380: Azure Marketplace SaaS Resources Information Disclosure Vulnerability

CVE-2025-21385: Microsoft Purview Information Disclosure Vulnerability

CVE-2024-12695: Chromium: CVE-2024-12695 Out of bounds write in V8

CVE-2024-12694: Chromium: CVE-2024-12694 Use after free in Compositing

CVE-2024-12693: Chromium: CVE-2024-12693 Out of bounds memory access in V8

**Why is this GitHub CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in runc which is consumed by Azure Kubernetes Service. The mitigation for this vulnerability requires a security update, and a corresponding Azure Kubernetes Service update enables the mitigation. This CVE is being documented in the Security Update Guide to announce that the Azure Kubernetes Service build published on January 31, 2024 is no longer vulnerable. Please see CVE-2024-21626 for more information.

Headline

CVE-2024-21626: GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds

Microsoft Security Response Center: Latest News