Msrc Azl3 Boost 1.83.0-2 On Azure Linux 3.0 vulnerabilities

6 known vulnerabilities affecting msrc/azl3_boost_1.83.0-2_on_azure_linux_3.0.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2026-4746CRITICALCVSS 10.02026-03-10
CVE-2026-4746 [CRITICAL] CWE-787 Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Mariner: Mariner GovTech CSG: GovTech CSG Customer Action Required: Yes
msrc
CVE-2026-27601HIGHCVSS 7.52026-03-10
CVE-2026-27601 [HIGH] CWE-770 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2022-37434CRITICALCVSS 9.82022-08-09
CVE-2022-37434 [CRITICAL] CWE-787 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. S zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but
msrc
CVE-2018-7159MEDIUMCVSS 5.32018-05-08
CVE-2018-7159 [MEDIUM] CWE-115 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP spe The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value a
msrc
CVE-2012-6708MEDIUMCVSS 6.1PoC2018-01-09
CVE-2012-6708 [MEDIUM] CWE-79 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery d jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the 'Is Azure Lin
msrc
CVE-2015-9251MEDIUMCVSS 6.12018-01-09
CVE-2015-9251 [MEDIUM] CWE-79 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option causing text/javascript responses to be executed. jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option causing text/javascript responses to be executed. FAQ: Is Azure Linux the only Microsoft product that includes this open-source
msrc