Msrc Azure Linux 3.0 Arm vulnerabilities
1,294 known vulnerabilities affecting msrc/azure_linux_3.0_arm.
Total CVEs: 1,294
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 72, HIGH 496, MEDIUM 697, LOW 28, UNKNOWN 1
Vulnerabilities
Page 42 of 65
CVE-2024-1753 HIGH CVSS 8.6 2024-03-12
CVE-2024-1753 [HIGH] CWE-59 Buildah: full container escape at build time
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M
msrc
CVE-2024-28110 HIGH CVSS 7.5 2024-03-12
CVE-2024-28110 [HIGH] CWE-522 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mo
msrc
CVE-2024-22017 HIGH CVSS 7.3 2024-03-12
CVE-2024-22017 [HIGH] CWE-250 setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().
This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().
This vulnerability affects a
msrc
CVE-2024-27308 HIGH CVSS 7.5 2024-03-12
CVE-2024-27308 [HIGH] CWE-416 Mio's tokens for named pipes may be delivered after deregistration
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source
msrc
CVE-2024-30205 HIGH CVSS 7.1 2024-03-12
CVE-2024-30205 [HIGH] CWE-494 In Emacs before 29.3 Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is th
msrc
CVE-2023-50967 HIGH CVSS 7.5 2024-03-12
CVE-2023-50967 [HIGH] CWE-400 latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-50967
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by
msrc
CVE-2024-0901 HIGH CVSS 7.5 2024-03-12
CVE-2024-0901 [HIGH] CWE-129 SEGV and out of bounds memory read from malicious packet
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which
msrc
CVE-2024-27289 HIGH CVSS 8.1 2024-03-12
CVE-2024-27289 [HIGH] CWE-89 pgx SQL Injection via Line Comment Creation
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mi
msrc
CVE-2024-26651 MEDIUM CVSS 5.5 2024-03-12
CVE-2024-26651 [MEDIUM] sr9800: Add check for usbnet_get_endpoints
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft
msrc
CVE-2024-22025 MEDIUM CVSS 6.5 2024-03-12
CVE-2024-22025 [MEDIUM] CWE-404 A vulnerability in Node.js has been identified allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.
The vulnerability stems from the fact that the fetch() function in Node
msrc
CVE-2024-2379 MEDIUM CVSS 6.3 2024-03-12
CVE-2024-2379 [MEDIUM] CWE-295 QUIC certificate check bypass with wolfSSL
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mi
msrc
CVE-2024-28835 MEDIUM CVSS 5.0 2024-03-12
CVE-2024-28835 [MEDIUM] CWE-248 Gnutls: potential crash during chain building/verification
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with
msrc
CVE-2024-0450 MEDIUM CVSS 6.2 2024-03-12
CVE-2024-0450 [MEDIUM] CWE-405 Quoted zip-bomb protection for zipfile
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft
msrc
CVE-2024-28834 MEDIUM CVSS 5.3 2024-03-12
CVE-2024-28834 [MEDIUM] CWE-327 Gnutls: vulnerable to minerva side-channel information leak
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi
msrc
CVE-2024-20328 MEDIUM CVSS 5.3 2024-03-12
CVE-2024-20328 [MEDIUM] CWE-78 ClamAV VirusEvent File Processing Command Injection Vulnerability
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source l
msrc
CVE-2024-30203 MEDIUM CVSS 5.5 2024-03-12
CVE-2024-30203 [MEDIUM] In Emacs before 29.3 Gnus treats inline MIME contents as trusted.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie
msrc
CVE-2024-28863 MEDIUM CVSS 6.5 2024-03-12
CVE-2024-28863 [MEDIUM] CWE-400 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep
msrc
CVE-2024-2466 MEDIUM CVSS 6.5 2024-03-12
CVE-2024-2466 [MEDIUM] CWE-297 TLS certificate check bypass with mbedTLS
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micr
msrc
CVE-2024-28180 MEDIUM CVSS 4.3 2024-03-12
CVE-2024-28180 [MEDIUM] CWE-409 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent an
msrc
CVE-2024-25580 MEDIUM CVSS 6.2 2024-03-12
CVE-2024-25580 [MEDIUM] CWE-120 An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
FAQ: Is Azure Linux the only Microsoft
msrc