Update cve.md for all .NET Releases

release-notes/6.0/cve.md

@@ -1,18 +1,18 @@
 # .NET 6 CVEs
 
-The .NET Team releases [monthly updates for .NET 6](https://github.com/dotnet/announcements/labels/.NET%206.0) on [Patch Tuesday](https://en.wikipedia.org/wiki/Patch_Tuesday). These updates often include security fixes. If you are on an older version, your app may be vulnerable.
+The .NET Team releases [monthly updates for .NET 6](https://github.com/dotnet/announcements/labels/.NET%206.0) on [Patch Tuesday](https://en.wikipedia.org/wiki/Patch_Tuesday). These updates often include security fixes.
 
 Your app needs to be on the latest .NET 6 patch version to be secure. The longer you wait to upgrade, the greater the exposure to CVEs.
 
 ## Which CVEs apply to my app?
 
-Your app may be vulnerable to the following published security [CVEs](https://www.cve.org/) if you are using the given version or older.
+Your app may be vulnerable to the following published security [CVEs](https://www.cve.org/) if you are using an older .NET 6 patch version.
+
 - 6.0.26 (January 2024)
+  - [CVE-2024-0056 | .NET Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/292)
+  - [CVE-2024-0057 | .NET Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/291)
   - [CVE-2024-21319 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/290)
-  - [CVE-2024-0057 | .NET Security Feature bypass Vulnerability](https://github.com/dotnet/announcements/issues/291)
-  - [CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/292)
 - 6.0.25 (November 2023)
-  - [CVE-2023-36038 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/286)
   - [CVE-2023-36049 | .NET Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/287)
   - [CVE-2023-36558 | .NET Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/288)
 - 6.0.24 (October 2023)
@@ -33,9 +33,10 @@ Your app may be vulnerable to the following published security [CVEs](https://ww
 - 6.0.21 (August 2023)
   - [CVE-2023-35390 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/266)
   - [CVE-2023-38180 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/269)
-  - [CVE-2023-38178 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/268)
   - [CVE-2023-35391 | .NET Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/267)
 - 6.0.20 (July 2023)
+  - No new CVEs.
+- 6.0.19 (June 2023)
   - [CVE-2023-24895 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/261)
   - [CVE-2023-24897 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/260)
   - [CVE-2023-24936 | .NET Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/259)
@@ -45,50 +46,46 @@ Your app may be vulnerable to the following published security [CVEs](https://ww
   - [CVE-2023-33126 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/254)
   - [CVE-2023-33128 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/253)
   - [CVE-2023-33135 | .NET Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/252)
-- 6.0.19 (June 2023)
-  - No additional CVEs.
 - 6.0.18 (June 2023)
-  - No additional CVEs.
+  - No new CVEs.
 - 6.0.17 (May 2023)
-  - No additional CVEs.
+  - No new CVEs.
 - 6.0.16 (April 2023)
-  - No additional CVEs.
+  - [CVE-2023-28260 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/250)
 - 6.0.15 (March 2023)
-  - No additional CVEs.
+  - No new CVEs.
 - 6.0.14 (February 2023)
   - [CVE-2023-21808 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/247)
 - 6.0.13 (January 2023)
-  - [CVE 2023-21538 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/244)
+  - [CVE-2023-21538 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/244)
 - 6.0.12 (December 2022)
-  - [CVE 2022-41089 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/242)
+  - [CVE-2022-41089 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/242)
 - 6.0.11 (November 2022)
-  - No additional CVEs.
+  - No new CVEs.
 - 6.0.10 (October 2022)
-  - No additional CVEs.
+  - [CVE-2022-41032 | .NET Core Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/236)
 - 6.0.9 (September 2022)
-  - [CVE 2022-41032 | .NET Core Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/236)
+  - [CVE-2022-38013 | .NET Core Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/234) 
 - 6.0.8 (August 2022)
-  - [CVE 2022-38013 | .NET Core Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/234)
+  - [CVE-2022-34716 | .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/232)
 - 6.0.7 (July 2022)
-  - [CVE 2022-34716 | .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/232)
+  - No new CVEs.
 - 6.0.6 (June 2022)
-  - No additional CVEs.
+  - [CVE-2022-30184 | .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/225)
 - 6.0.5 (May 2022)
-  - [CVE 2022-30184 | .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/announcements/issues/225)
+  - [CVE-2022-29145 | ASP.NET Core Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/222)
+  - [CVE-2022-23267 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/221)
+  - [CVE-2022-29117 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/220)
 - 6.0.4 (April 2022)
-  - [CVE 2022-29145 | ASP.NET Core Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/222)
-  - [CVE 2022-23267 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/221)
-  - [CVE 2022-29117 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/220)
+  - No new CVEs.
 - 6.0.3 (March 2022)
-  - No additional CVEs.
-- 6.0.2 (February 2022)
   - [CVE-2022-24512 | .NET Remote Code Execution](https://github.com/dotnet/announcements/issues/213)
   - [CVE-2022-24464 | ASP.NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/212)
-- 6.0.1 (December 2021
+- 6.0.2 (February 2022)
   - [CVE-2022-21986 | ASP.NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/207)
-- 6.0.0 (November 2021)
+- 6.0.1 (December 2021)
   - [CVE-2021-43877 | ASP.NET Core Elevation of privilege Vulnerability](https://github.com/dotnet/announcements/issues/206)
+- 6.0.0 (November 2021)
+  - No new CVEs.
 
-The CVEs are displayed one month offset from when they were released. For example, the CVE listed with `6.0.0` was disclosed and a fix was published with `6.0.1`. `6.0.1` is not vulnerable to that CVE while `6.0.0` is. As a result, the CVE is listed with `6.0.0`, where it still applies. The same model is used for the other releases.
-
-The CVE exposure is cumulative. For example, `6.0.0` users may be vulnerable to the CVEs present in `6.0.0` and newer releases. Similarly, `6.0.3` users may be vulnerable to the CVEs present in `6.0.4` and newer releases. The latest release is not vulnerable to any published CVEs.
+CVE exposure is cumulative. For example, apps running on the `6.0.0` release may be vulnerable to the CVEs present in `6.0.1` and newer releases. The latest release is not vulnerable to any published CVEs.