Msrc Azl3 Ceph 18.2.2-1 On Azure Linux 3.0 vulnerabilities

CVE-2021-3672 [MEDIUM] CWE-79 A flaw was found in c-ares library where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Doma A flaw was found in c-ares library where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confid

CVE-2021-28361 [HIGH] CWE-476 An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected) the iSCSI target can crash with a An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected) the iSCSI target can crash with a NULL pointer dereference. FAQ: Is Azure Linux the only Microsoft pro

CVE-2020-14378 [LOW] CWE-191 An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could ca An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop.

CVE-2020-10724 [MEDIUM] CWE-190 A vulnerability was found in DPDK versions 18.11 and above A vulnerability was found in DPDK versions 18.11 and above FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2020-10722 [MEDIUM] CWE-190 A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. FAQ: Is Azure Linux the only Microsoft product

CVE-2020-10723 [MEDIUM] CWE-190 A memory corruption issue was found in DPDK versions 17.05 and above A memory corruption issue was found in DPDK versions 17.05 and above FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2012-6708 [MEDIUM] CWE-79 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery d jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the 'Is Azure Lin

CVE-2015-9251 [MEDIUM] CWE-79 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option causing text/javascript responses to be executed. jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option causing text/javascript responses to be executed. FAQ: Is Azure Linux the only Microsoft product that includes this open-source