Msrc Azure Linux 3.0 X64 vulnerabilities
1,294 known vulnerabilities affecting msrc/azure_linux_3.0_x64.
Total CVEs: 1,294
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown
CRITICAL 72, HIGH 496, MEDIUM 697, LOW 28, UNKNOWN 1
Vulnerabilities
CVE-2023-45142 HIGH CVSS 7.5 2023-10-10
CVE-2023-45142 [HIGH] CWE-770 OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the mo
msrc
CVE-2023-4911 HIGH CVSS 7.8 KEV PoC 2023-10-10
CVE-2023-4911 [HIGH] CWE-787 Glibc: buffer overflow in ld.so leading to privilege escalation
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari
msrc
CVE-2023-46852 HIGH CVSS 7.5 2023-10-10
CVE-2023-46852 [HIGH] CWE-120 In Memcached before 1.6.22 a buffer overflow exists when processing multiget requests in proxy mode if there are many spaces after the "get" substring.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main be
msrc
CVE-2023-46136 HIGH CVSS 8.0 2023-10-10
CVE-2023-46136 [HIGH] CWE-787 Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who
msrc
CVE-2023-5363 HIGH CVSS 7.5 2023-10-10
CVE-2023-5363 [HIGH] CWE-684 Incorrect cipher key & IV length processing
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mi
msrc
CVE-2023-39325 HIGH CVSS 7.5 2023-10-10
CVE-2023-39325 [HIGH] CWE-770 HTTP/2 rapid reset can cause excessive work in net/http
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t
msrc
CVE-2023-4693 MEDIUM CVSS 4.6 2023-10-10
CVE-2023-4693 [MEDIUM] CWE-125 Grub2: out-of-bounds read at fs/ntfs.c
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft
msrc
CVE-2023-5752 MEDIUM CVSS 5.5 2023-10-10
CVE-2023-5752 [MEDIUM] CWE-77 Mercurial configuration injectable in repo revision when installing via pip
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions o
msrc
CVE-2023-46752 MEDIUM CVSS 5.9 2023-10-10
CVE-2023-46752 [MEDIUM] An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the
msrc
CVE-2023-43804 MEDIUM CVSS 5.9 2023-10-10
CVE-2023-43804 [MEDIUM] CWE-200 `Cookie` HTTP header isn't stripped on cross-origin redirects
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie
msrc
CVE-2023-45803 MEDIUM CVSS 4.2 2023-10-10
CVE-2023-45803 [MEDIUM] CWE-200 Request body not stripped after redirect in urllib3
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis
msrc
CVE-2023-46753 MEDIUM CVSS 5.9 2023-10-10
CVE-2023-46753 [MEDIUM] CWE-863 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes e.g. one with only an unknown transit attribute.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is ther
msrc
CVE-2023-5371 MEDIUM CVSS 6.5 2023-10-10
CVE-2023-5371 [MEDIUM] CWE-789 Memory Allocation with Excessive Size Value in Wireshark
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-5371
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rece
msrc
CVE-2023-46118 MEDIUM CVSS 4.9 2023-10-10
CVE-2023-46118 [MEDIUM] CWE-400 Denial of Service by publishing large messages over the HTTP API
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li
msrc
CVE-2023-47090 MEDIUM CVSS 6.5 2023-10-10
CVE-2023-47090 [MEDIUM] CWE-863 NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access even when the intention of the configuration was for each user to have an account. The
msrc
CVE-2023-38546 LOW CVSS 3.7 2023-10-10
CVE-2023-38546 [LOW] This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met.
libcurl performs transfers. In its API an application creates "easy handles" that are the individual handles for single transfers.
libcurl
msrc
CVE-2023-36328 CRITICAL CVSS 9.8 2023-09-12
CVE-2023-36328 [CRITICAL] CWE-190 Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows attackers to execute arbitrary code and cause a denial of service (DoS).
FAQ: Is Azure Linux the only Microsoft product that includes this ope
msrc
CVE-2023-4504 HIGH CVSS 7.0 2023-09-12
CVE-2023-4504 [HIGH] CWE-787 OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whic
msrc
CVE-2023-4785 HIGH CVSS 7.5 2023-09-12
CVE-2023-4785 [HIGH] CWE-248 Denial of Service in gRPC Core
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tr
msrc
CVE-2023-3341 HIGH CVSS 7.5 2023-09-12
CVE-2023-3341 [HIGH] CWE-787 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent
msrc