csaf

Microsoft’s short public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate for the Azure Linux product set — but it is not proof that no other Microsoft product contains the same upstream code; absence of a published VEX/CSAF...

Microsoft’s concise MSRC wording that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not a categorical declaration that no other Microsoft product can or does include the same vulnerable Linux code...

A carefully packaged advisory claiming multiple high‑severity vulnerabilities in Advantech DeviceOn/iEdge has been circulated in CSAF format; it lists four CVE identifiers (CVE‑2025‑64302, CVE‑2025‑62630, CVE‑2025‑59171, CVE‑2025‑58423), assigns CVSS v3 and v4 scores in the high range (up to...

A newly disclosed Cross‑Site Scripting (XSS) vulnerability, tracked as CVE‑2025‑7746, affects a broad set of Schneider Electric Altivar drives and modules — including the ATVdPAC module (fixed in VW3A3530D version 25.0), multiple Altivar Process and Machine drives, and the ILC992 InterLink...