Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2024-27983 [HIGH] An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 m An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the

CVE-2024-26885 [HIGH] CWE-119 bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix DEVMAP_HASH overflow check on 32-bit arches FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-2757 [HIGH] CWE-400 PHP mb_encode_mimeheader runs endlessly for some inputs PHP mb_encode_mimeheader runs endlessly for some inputs FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which th

CVE-2024-26884 [HIGH] CWE-119 bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-26913 [HIGH] CWE-191 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2023-38709 [HIGH] CWE-1284 Apache HTTP Server: HTTP response splitting Apache HTTP Server: HTTP response splitting FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-26907 [HIGH] CWE-416 RDMA/mlx5: Fix fortify source warning while accessing Eth segment RDMA/mlx5: Fix fortify source warning while accessing Eth segment FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-31744 [HIGH] CWE-617 In Jasper 4.2.2 the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability allowing attackers to cause a denial of service attack through a specific In Jasper 4.2.2 the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability allowing attackers to cause a denial of service attack through a specific image file. FAQ: Is Azure Linux the only Microsoft product that incl

CVE-2024-32487 [HIGH] CWE-96 less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled fil less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploit

CVE-2024-26898 [HIGH] CWE-416 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-22189 [HIGH] CWE-770 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-32650 [HIGH] CWE-835 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitme

CVE-2024-26883 [HIGH] CWE-119 bpf: Fix stackmap overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-27322 [HIGH] CWE-502 R Language Vulnerable to Arbitrary Code Execution via Malicious RDS Files (v1.4.0–<4.4.0) R Language Vulnerable to Arbitrary Code Execution via Malicious RDS Files (v1.4.0–Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most sec

CVE-2023-45288 [HIGH] CWE-400 HTTP/2 CONTINUATION flood in net/http HTTP/2 CONTINUATION flood in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-21096 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerab Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where

CVE-2024-30260 [LOW] CWE-863 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch request stream pipeline Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch request stream pipeline FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to

CVE-2024-26901 [MEDIUM] CWE-908 do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-26903 [MEDIUM] CWE-476 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2024-2756 [MEDIUM] CWE-20 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li