Msrc Azl3 Ceph 18.2.2-11 On Azure Linux 3.0 vulnerabilities

5 known vulnerabilities affecting msrc/azl3_ceph_18.2.2-11_on_azure_linux_3.0.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2024-47866HIGHCVSS 7.52025-11-11
CVE-2024-47866 [HIGH] CWE-20 RGW DoS attack with empty HTTP header in S3 object copy RGW DoS attack with empty HTTP header in S3 object copy Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-46817HIGHCVSS 7.0PoC2025-10-14
CVE-2025-46817 [HIGH] CWE-190 Lua library commands may lead to integer overflow and potential RCE Lua library commands may lead to integer overflow and potential RCE FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc
msrc
CVE-2023-26819LOWCVSS 2.92025-04-08
CVE-2023-26819 [LOW] CWE-440 cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected
msrc
CVE-2018-14040MEDIUMCVSS 6.12018-07-10
CVE-2018-14040 [MEDIUM] In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of
msrc
CVE-2018-7159MEDIUMCVSS 5.32018-05-08
CVE-2018-7159 [MEDIUM] CWE-115 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP spe The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value a
msrc