MSRC Azure Linux 3.0 x64 vulnerabilities

1,294 known vulnerabilities affecting msrc/azure_linux_3.0_x64.

Total CVEs: 1,294
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 72, HIGH 496, MEDIUM 697, LOW 28, UNKNOWN 1

Vulnerabilities

Page 51 of 65
CVE-2023-37920 | CRITICAL | CVSS 9.8 | 2023-07-11
CVE-2023-37920 [HIGH] CWE-345 Certifi's removal of e-Tugra root certificate FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose
msrc
CVE-2023-37460 | CRITICAL | CVSS 9.8 | 2023-07-11
CVE-2023-37460 [HIGH] CWE-22 Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver
msrc
CVE-2022-33064 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2022-33064 [HIGH] CWE-193 An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in a write out of bound which allows an attacker to execute arbitrary code Denial of Service or other unspecified impacts.
msrc
CVE-2023-3354 | HIGH | CVSS 7.5 | 2023-07-11
CVE-2023-3354 [HIGH] CWE-476 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
msrc
CVE-2022-47085 | HIGH | CVSS 7.5 | 2023-07-11
CVE-2022-47085 [HIGH] An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.
msrc
CVE-2022-28736 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2022-28736 [MEDIUM] CWE-416 There's a use-after-free vulnerability in grub_cmd_chainloader() function
msrc
CVE-2022-28733 | HIGH | CVSS 8.1 | 2023-07-11
CVE-2022-28733 [HIGH] CWE-191 Integer underflow in grub_net_recv_ip4_packets
msrc
CVE-2022-33065 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2022-33065 [HIGH] CWE-190 Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allows an attacker to cause Denial of Service or other unspecified impacts.
msrc
CVE-2023-38325 | HIGH | CVSS 7.5 | 2023-07-11
CVE-2023-38325 [HIGH] CWE-295 The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
msrc
CVE-2022-28734 | HIGH | CVSS 7.0 | 2023-07-11
CVE-2022-28734 [HIGH] CWE-787 Out-of-bounds write when handling split HTTP headers
msrc
CVE-2022-28735 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2022-28735 [MEDIUM] The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
msrc
CVE-2023-39128 | MEDIUM | CVSS 5.5 | 2023-07-11
CVE-2023-39128 [MEDIUM] CWE-787 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
msrc
CVE-2022-28737 | MEDIUM | CVSS 6.5 | 2023-07-11
CVE-2022-28737 [MEDIUM] CWE-787 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
msrc
CVE-2023-3817 | MEDIUM | CVSS 5.3 | 2023-07-11
CVE-2023-3817 [MEDIUM] CWE-834 Excessive time spent checking DH q parameter value
msrc
CVE-2023-3750 | MEDIUM | CVSS 5.3 | 2023-07-11
CVE-2023-3750 [MEDIUM] CWE-667 Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
msrc
CVE-2023-39130 | MEDIUM | CVSS 5.5 | 2023-07-11
CVE-2023-39130 [MEDIUM] CWE-787 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
msrc
CVE-2023-39129 | MEDIUM | CVSS 5.5 | 2023-07-11
CVE-2023-39129 [MEDIUM] CWE-416 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
msrc
CVE-2023-29404 | CRITICAL | CVSS 9.8 | 2023-06-13
CVE-2023-29404 [CRITICAL] CWE-94 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
msrc
CVE-2023-29402 | CRITICAL | CVSS 9.8 | 2023-06-13
CVE-2023-29402 [CRITICAL] CWE-94 Code injection via go command with cgo in cmd/go
msrc
CVE-2023-32731 | HIGH | CVSS 7.4 | 2023-06-13
CVE-2023-32731 [HIGH] CWE-440 Information leak in gRPC
msrc