Msrc Azl3 Vitess 19.0.4-7 On Azure Linux 3.0 vulnerabilities

5 known vulnerabilities affecting msrc/azl3_vitess_19.0.4-7_on_azure_linux_3.0.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2026-27969CRITICALCVSS 9.32026-02-10
CVE-2026-27969 [CRITICAL] CWE-22 Vitess users with backup storage access can write to arbitrary file paths on restore Vitess users with backup storage access can write to arbitrary file paths on restore Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2026-27965HIGHCVSS 8.42026-02-10
CVE-2026-27965 [HIGH] CWE-78 Vitess users with backup storage access can gain unauthorized access to production deployment environments Vitess users with backup storage access can gain unauthorized access to production deployment environments Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2024-53257MEDIUMCVSS 4.92024-12-10
CVE-2024-53257 [MEDIUM] CWE-79 Vitess allows HTML injection in /debug/querylogz & /debug/env Vitess allows HTML injection in /debug/querylogz & /debug/env FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries
msrc
CVE-2024-32886MEDIUMCVSS 4.92024-05-14
CVE-2024-32886 [MEDIUM] CWE-835 Vitess vulnerable to infinite memory consumption and vtgate crash Vitess vulnerable to infinite memory consumption and vtgate crash FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source
msrc
CVE-2017-14623HIGHCVSS 8.12017-09-12
CVE-2017-14623 [HIGH] CWE-287 In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to dete
msrc