MSRC azl3 MariaDB 10.11.11-1 on Azure Linux 3.0 vulnerabilities
15 known vulnerabilities affecting msrc/azl3_mariadb_10.11.11-1_on_azure_linux_3.0.
Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 6, LOW 4
Vulnerabilities
CVE-2025-13699 HIGH CVSS 7.0 2025-12-09
CVE-2025-13699 [HIGH] CWE-22 MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability
Mariner: Mariner
zdi: zdi
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-13912 LOW CVSS 1.0 2025-12-09
CVE-2025-13912 [LOW] CWE-203 Potential non-constant time compiled code with Clang LLVM
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-11931 HIGH CVSS 8.2 2025-11-11
CVE-2025-11931 [LOW] CWE-191 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-11935 HIGH CVSS 7.5 2025-11-11
CVE-2025-11935 [MEDIUM] CWE-326 Forward Secrecy Violation in WolfSSL TLS 1.3
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-11932 MEDIUM CVSS 4.3 2025-11-11
CVE-2025-11932 [LOW] CWE-203 Timing Side-Channel in PSK Binder Verification
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-11933 MEDIUM CVSS 6.5 2025-11-11
CVE-2025-11933 [LOW] CWE-20 DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-11936 MEDIUM CVSS 5.3 2025-11-11
CVE-2025-11936 [MEDIUM] CWE-20 Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-11934 LOW CVSS 2.7 2025-11-11
CVE-2025-11934 [LOW] CWE-20 Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-12889 LOW CVSS 2.3 2025-11-11
CVE-2025-12889 [LOW] CWE-20 TLS 1.2 Client Can Downgrade Digest Used
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-12888 LOW CVSS 1.0 2025-11-11
CVE-2025-12888 [LOW] CWE-203 Constant Time Issue with Xtensa-based ESP32 and X22519
Mariner: Mariner
wolfSSL: wolfSSL
Customer Action Required: Yes
msrc
CVE-2025-7395 CRITICAL CVSS 9.2 2025-07-08
CVE-2025-7395 [CRITICAL] CWE-295 Domain Name Validation Bypass with Apple Native Certificate Validation
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o
msrc
CVE-2025-7394 HIGH CVSS 7.0 2025-07-08
CVE-2025-7394 [HIGH] CWE-200 In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is
In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated
msrc
CVE-2023-52971 MEDIUM CVSS 4.9 2025-07-08
CVE-2023-52971 [MEDIUM] CWE-1038 MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-52971
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customer
msrc
CVE-2023-52970 MEDIUM CVSS 4.9 2025-03-11
CVE-2023-52970 [MEDIUM] CWE-1038 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source
msrc
CVE-2023-52969 MEDIUM CVSS 4.9 2025-03-11
CVE-2023-52969 [MEDIUM] CWE-1038 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
FAQ: Is Azure Linux the only Microsoft product
msrc