MSRC Azure Linux 3.0 x64 vulnerabilities
1,294 known vulnerabilities affecting msrc/azure_linux_3.0_x64.
Total CVEs: 1,294
CISA KEV: 3 (actively exploited)
Public exploits: 11
Exploited in wild: 6
Severity breakdown: CRITICAL 72, HIGH 496, MEDIUM 697, LOW 28, UNKNOWN 1
Vulnerabilities
CVE-2024-49967 HIGH CVSS 7.8 2024-12-10
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49967
Mariner: Mariner
Customer Action Required: Yes
Exploit Status: DOS:N/A
Remediation: kernel
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-49967
msrc
CVE-2024-42072 HIGH CVSS 7.8 2024-12-10
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-42072
Mariner: Mariner
Customer Action Required: Yes
Exploit Status: DOS:N/A
Remediation: kernel
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-42072
msrc
CVE-2024-43790 MEDIUM CVSS 4.5 2024-12-10
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-43790
Mariner: Mariner
Customer Action Required: Yes
Exploit Status: DOS:N/A
Remediation: vim
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-43790
msrc
CVE-2012-2677 MEDIUM CVSS 5.0 2024-12-10
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2012-2677
Mariner: Mariner
Customer Action Required: Yes
Exploit Status: DOS:N/A
Remediation: mysql
Reference: https://nvd.nist.gov/vuln/detail/CVE-2012-2677
msrc
CVE-2024-5569 MEDIUM CVSS 6.2 2024-12-10
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5569
Mariner: Mariner
Customer Action Required: Yes
Exploit Status: DOS:N/A
Remediation: python-zipp
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-5569
msrc
CVE-2024-52338 CRITICAL CVSS 9.8 2024-11-12
CVE-2024-52338 [CRITICAL] CWE-502 Apache Arrow R package: Arbitrary code execution when loading a malicious data file
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mo
msrc
CVE-2024-11236 CRITICAL CVSS 9.8 2024-11-12
CVE-2024-11236 [CRITICAL] CWE-787 Integer overflow in the firebird and dblib quoters causing OOB writes
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op
msrc
CVE-2024-8932 CRITICAL CVSS 9.8 2024-11-12
CVE-2024-8932 [CRITICAL] CWE-787 OOB access in ldap_escape
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpar
msrc
CVE-2024-5535 CRITICAL CVSS 9.1 2024-11-12
CVE-2024-5535 [CRITICAL] CWE-1395 OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5535
Description: We are republishing this OpenSSL CVE to document that the latest version of Microsoft Defender for Endpoint has been updated to protect against this OpenSSL library vulnerability.
FAQ: How could an attacker exploit this vulnerability?
Exploitation of this vulnerabil
msrc
CVE-2024-11233 HIGH CVSS 8.2 2024-11-12
CVE-2024-11233 [MEDIUM] CWE-122 Single byte overread with convert.quoted-printable-decode filter
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li
msrc
CVE-2024-10963 HIGH CVSS 7.4 2024-11-12
CVE-2024-10963 [HIGH] CWE-287 Pam: improper hostname interpretation in pam_access leads to access control bypass
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most sec
msrc
CVE-2024-25431 HIGH CVSS 7.8 2024-11-12
CVE-2024-25431 [HIGH] CWE-125 An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.
FAQ: Is Azure Linux the only Microsoft product that includes th
msrc
CVE-2024-52336 HIGH CVSS 7.8 2024-11-12
CVE-2024-52336 [HIGH] CWE-269 Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the
msrc
CVE-2024-36623 HIGH CVSS 8.1 2024-11-12
CVE-2024-36623 [HIGH] CWE-362 moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
FAQ: Is Azure Linux the only Microsoft product that includes t
msrc
CVE-2024-27532 HIGH CVSS 7.5 2024-11-12
CVE-2024-27532 [HIGH] CWE-476 wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types`.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main bene
msrc
CVE-2024-11234 HIGH CVSS 7.2 2024-11-12
CVE-2024-11234 [MEDIUM] CWE-20 Configuring a proxy in a stream context might allow for CRLF injection in URIs
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ver
msrc
CVE-2024-52308 HIGH CVSS 8.0 2024-11-12
CVE-2024-52308 [HIGH] CWE-77 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to dat
msrc
CVE-2024-10220 HIGH CVSS 8.1 2024-11-12
CVE-2024-10220 [HIGH] CWE-22 Arbitrary command execution through gitRepo volume
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro i
msrc
CVE-2024-53899 HIGH CVSS 8.4 2024-11-12
CVE-2024-53899 [HIGH] CWE-77 virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
FAQ: Is Azure Linux the only Microsoft product that
msrc
CVE-2024-36621 MEDIUM CVSS 6.5 2024-11-12
CVE-2024-36621 [MEDIUM] CWE-362 moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
FAQ: Is Azure Linux the only Micr
msrc