Msrc Azl3 Python-Tensorboard 2.16.2-6 vulnerabilities

CVE-2026-3381 [CRITICAL] CWE-1395 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib Mariner: Mariner CPANSec: CPANSec Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2026-22184 [MEDIUM] CWE-120 zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname() zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname() Mariner: Mariner VulnCheck: VulnCheck Customer Action Required: Yes

CVE-2025-61729 [HIGH] Excessive resource consumption when printing error string for host certificate validation in crypto/x509 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 Mariner: Mariner Go: Go Customer Action Required: Yes

CVE-2025-61724 [MEDIUM] Excessive CPU consumption in Reader.ReadResponse in net/textproto Excessive CPU consumption in Reader.ReadResponse in net/textproto FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2025-58188 [HIGH] Panic when validating certificates with DSA public keys in crypto/x509 Panic when validating certificates with DSA public keys in crypto/x509 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2025-58183 [MEDIUM] Unbounded allocation when parsing GNU sparse map in archive/tar Unbounded allocation when parsing GNU sparse map in archive/tar FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2025-58186 [MEDIUM] Lack of limit when parsing cookies can cause memory exhaustion in net/http Lack of limit when parsing cookies can cause memory exhaustion in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2025-22870 [MEDIUM] CWE-115 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2025-1744 [CRITICAL] CWE-787 Out-of-bounds Write in radare2 Out-of-bounds Write in radare2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed t

CVE-2023-5678 [MEDIUM] CWE-754 Excessive time spent in DH check / generation with large Q parameter value Excessive time spent in DH check / generation with large Q parameter value FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2023-45853 [CRITICAL] CWE-190 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported par MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vuln

CVE-2022-41717 [MEDIUM] CWE-770 Excessive memory growth in net/http and golang.org/x/net/http2 Excessive memory growth in net/http and golang.org/x/net/http2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2022-29526 [MEDIUM] CWE-269 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible. Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible. FAQ: Is Azure Linux the only Microsoft product that includes this open-

CVE-2018-25032 [HIGH] CWE-787 zlib before 1.2.12 allows memory corruption when deflating (i.e. when compressing) if the input has many distant matches. zlib before 1.2.12 allows memory corruption when deflating (i.e. when compressing) if the input has many distant matches. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux di