Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2023-25659 [HIGH] CWE-125 TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2023-27579 [HIGH] CWE-697 TensorFlow has Floating Point Exception in TFLite in conv kernel TensorFlow has Floating Point Exception in TFLite in conv kernel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2023-25676 [HIGH] CWE-476 TensorFlow has null dereference on ParallelConcat with XLA TensorFlow has null dereference on ParallelConcat with XLA FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2023-25670 [HIGH] CWE-476 TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2023-25801 [HIGH] CWE-415 TensorFlow has double free in Fractional(Max/Avg)Pool TensorFlow has double free in Fractional(Max/Avg)Pool FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2023-1393 [HIGH] CWE-416 A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW) the Xserver would leav A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW) the Xserver would leave a dangling pointer to that window in the CompScreen structure which

CVE-2023-25665 [HIGH] CWE-476 TensorFlow has Null Pointer Error in SparseSparseMaximum TensorFlow has Null Pointer Error in SparseSparseMaximum FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2023-25660 [HIGH] CWE-476 TensorFlow vulnerable to seg fault in `tf.raw_ops.Print` TensorFlow vulnerable to seg fault in `tf.raw_ops.Print` FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2022-3116 [HIGH] CWE-476 The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the app The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. FAQ: Is Azure Linux the only Microsoft product tha

CVE-2023-25675 [HIGH] CWE-697 TensorFlow has Segfault in Bincount with XLA TensorFlow has Segfault in Bincount with XLA FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2023-27538 [MEDIUM] CWE-287 An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified which should have prev An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified which should have prevented reuse. libcurl maintains a pool of previously used connection

CVE-2023-1544 [MEDIUM] CWE-770 Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2023-27535 [MEDIUM] CWE-287 An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created conn An authentication bypass vulnerability exists in libcurl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azur

CVE-2023-27478 [MEDIUM] CWE-200 Disclosure of unrelated data in libmemcached-awesome Disclosure of unrelated data in libmemcached-awesome FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2023-0465 [MEDIUM] CWE-295 Invalid certificate policies in leaf certificates are silently ignored Invalid certificate policies in leaf certificates are silently ignored FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the ope

CVE-2023-27537 [MEDIUM] CWE-415 A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b A double free vulnerability exists in libcurl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux dis

CVE-2021-20251 [MEDIUM] CWE-362 A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulne

CVE-2022-3854 [MEDIUM] CWE-177 A flaw was found in Ceph relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW causing a denial of service. A flaw was found in Ceph relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW causing a denial of service. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is the

CVE-2023-27536 [MEDIUM] CWE-287 An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to chec An authentication bypass vulnerability exists libcurl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure L

CVE-2023-23914 [CRITICAL] CWE-319 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support curl A cleartext transmission of sensitive information vulnerability exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers wh