Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2023-6936 [MEDIUM] CWE-126 Heap-buffer over-read with WOLFSSL_CALLBACKS Heap-buffer over-read with WOLFSSL_CALLBACKS FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed

CVE-2023-6937 [MEDIUM] CWE-20 Improper (D)TLS key boundary enforcement Improper (D)TLS key boundary enforcement FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-23653 [CRITICAL] CWE-863 BuildKit interactive containers API does not validate entitlements check BuildKit interactive containers API does not validate entitlements check FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-21646 [CRITICAL] CWE-190 Azure IoT Platform Device SDK Remote Code Execution Vulnerability Azure IoT Platform Device SDK Remote Code Execution Vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-23652 [CRITICAL] CWE-22 BuildKit possible host system access from mount stub cleaner BuildKit possible host system access from mount stub cleaner FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2023-45232 [HIGH] CWE-835 Infinite loop in EDK II Network Package Infinite loop in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2023-40548 [HIGH] CWE-787 Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2022-48622 [HIGH] CWE-787 In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10 the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani fi In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10 the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata

CVE-2023-26159 [HIGH] CWE-601 Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error it c Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error it can be manipulated to misinterpret the hostname. An attacker could exp

CVE-2023-45237 [MEDIUM] CWE-338 Use of a Weak PseudoRandom Number Generator in EDK II Network Package Use of a Weak PseudoRandom Number Generator in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2023-45234 [HIGH] CWE-119 Buffer Overflow in EDK II Network Package Buffer Overflow in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2022-36763 [HIGH] CWE-119 Heap Buffer Overflow in Tcg2MeasureGptTable Heap Buffer Overflow in Tcg2MeasureGptTable FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2023-6779 [HIGH] CWE-787 Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal() Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour

CVE-2024-0567 [HIGH] CWE-347 Gnutls: rejects certificate chain with distributed trust Gnutls: rejects certificate chain with distributed trust FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-23651 [HIGH] CWE-362 BuildKit possible race condition with accessing subpaths from cache mounts BuildKit possible race condition with accessing subpaths from cache mounts FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-0553 [HIGH] CWE-203 Gnutls: incomplete fix for cve-2023-5981 Gnutls: incomplete fix for cve-2023-5981 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsof

CVE-2023-6246 [HIGH] CWE-787 Glibc: heap-based buffer overflow in __vsyslog_internal() Glibc: heap-based buffer overflow in __vsyslog_internal() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whic

CVE-2023-51257 [HIGH] CWE-119 An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure

CVE-2023-45235 [HIGH] CWE-119 Buffer Overflow in EDK II Network Package Buffer Overflow in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2023-45233 [HIGH] CWE-835 Infinite loop in EDK II Network Package Infinite loop in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft