"application/wita",
				"application/wordperfect5.1",
				"application/wsdl+xml",
				"application/wspolicy+xml",
				"application/x-123",
				"application/x-abiword",
				"application/x-ace-compressed",
				"application/x-axcrypt",
				"application/x-adobe-indesign",
				"application/x-adobe-indesign-interchange",
				"application/x-apple-diskimage",
				"application/x-appleworks",

          <match value="==" type="string" offset="16"/>
        </match>
      </match>
    </magic>
    <glob pattern="*.3ds"/>
  </mime-type>
  <mime-type type="image/aces">
    <_comment>ACES Image Container File</_comment>
    <magic priority="50">
      <match value="0x762F310102000000" type="string" offset="0"/>
      <match value="0x762F310102040000" type="string" offset="0"/>
    </magic>

arodef,ehtgnituor,mw:.ateb,,??e&a,cin-yrev-si,grof&loot,peh,?l&as-4-ffuts,poeparodef,?m&-morf,agevres,ohruoyslles,?nozdop,r&ehwongniogyldlob,iwym,uces-77ndc.nigiro.lss,?t&adidnac-a-si,is&-ybboh,golb,???fehc-a-si,golbymdaer,k&eeg-a&-si,si,?h,nut,?l&acol-si,i&amwt,ve-yrev-si,?lawerif&-ym,ym,?sd-ni,?m&acssecca,edom-elbac,?n&af&blm,cfu,egelloc,lfn,s&citlec-a-si,niurb-a-si,tap-a-si,?xos-a-si,?ibptth,o&itatsksid,rviop,?p&j,v-ni,??o&jodsnd,tp&az,oh,??p&i&-on,fles,?o&hbew,tksedeerf,?tf&e&moh,vres,?ym,??...

  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

  - kubelet v1.26.8
  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was reported by Tomer Peled @tomerpeled92


**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

  - kube-apiserver v1.32.8
  - kube-apiserver v1.33.4

This vulnerability was reported by Paul Viossat.


**CVSS Rating:** Medium (6.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

## Changes by Kind

### API Change

rank.fusion.window_size=200
# Rank constant for rank fusion.
rank.fusion.rank_constant=20
# Number of threads for rank fusion.
rank.fusion.threads=-1
# Score field for rank fusion.
rank.fusion.score_field=rf_score

# acl

# Whether to get SMB roles from a file.
smb.role.from.file=true
# Available SID types for SMB.
smb.available.sid.types=1,2,4:2,5:1
# Whether to get file roles from a file.
file.role.from.file=true

  - kubelet 1.31.6
  - kubelet 1.32.2

This vulnerability was reported and fixed by Tim Allclair @tallclair from Google.


**CVSS Rating:** Medium (6.2) [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

## Changes by Kind

### Feature

  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Bug or Regression

- Fix: skip case sensitivity when checking Azure NSG rules