Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2023-0614 [MEDIUM] CWE-312 The fix in 4.6.16 4.7.9 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys The fix in 4.6.16 4.7.9 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. FAQ: Is Azure Linux the only Microsoft product

CVE-2023-0922 [MEDIUM] CWE-319 The Samba AD DC administration tool when operating against a remote LDAP server will by default send new or reset passwords over a signed-only connection. The Samba AD DC administration tool when operating against a remote LDAP server will by default send new or reset passwords over a signed-only connection. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the

CVE-2021-45985 [HIGH] CWE-1395 Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2021-45985 Description: This CVE was assigned by Mitre. Some Microsoft products consume Lau open-source software. The purpose of this document is to attest to the fact that the products listed in the Security Updates table hav

CVE-2023-25668 [CRITICAL] CWE-122 TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recen

CVE-2023-25664 [HIGH] CWE-120 TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2022-45141 [CRITICAL] CWE-326 Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak Vulnerable Samba Active Directory Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target serv

CVE-2023-25672 [HIGH] CWE-476 TensorFlow has Null Pointer Error in LookupTableImportV2 TensorFlow has Null Pointer Error in LookupTableImportV2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2023-25673 [HIGH] CWE-697 TensorFlow has Floating Point Exception in TensorListSplit with XLA TensorFlow has Floating Point Exception in TensorListSplit with XLA FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2023-26484 [HIGH] CWE-863 On a compromised KubeVirt node the virt-handler service account can be used to modify all node specs On a compromised KubeVirt node the virt-handler service account can be used to modify all node specs FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to da

CVE-2023-25662 [HIGH] CWE-190 TensorFlow vulnerable to integer overflow in EditDistance TensorFlow vulnerable to integer overflow in EditDistance FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2023-25667 [MEDIUM] CWE-190 TensorFlow vulnerable to segfault when opening multiframe gif TensorFlow vulnerable to segfault when opening multiframe gif FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2023-25671 [HIGH] CWE-787 TensorFlow has segmentation fault in tfg-translate TensorFlow has segmentation fault in tfg-translate FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2022-4904 [HIGH] CWE-1284 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a d A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity

CVE-2023-25669 [HIGH] CWE-697 TensorFlow has Floating Point Exception in AvgPoolGrad with XLA TensorFlow has Floating Point Exception in AvgPoolGrad with XLA FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2023-27533 [HIGH] CWE-74 A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server A vulnerability in input validation exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux d

CVE-2023-25674 [HIGH] CWE-476 TensorFlow has Null Pointer Error in RandomShuffle with XLA enable TensorFlow has Null Pointer Error in RandomShuffle with XLA enable FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2023-25663 [HIGH] CWE-476 TensorFlow has Null Pointer Error in TensorArrayConcatV2 TensorFlow has Null Pointer Error in TensorArrayConcatV2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2023-25658 [HIGH] CWE-125 TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2023-27534 [HIGH] CWE-22 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element in addition to its intend A path traversal vulnerability exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro

CVE-2023-25666 [HIGH] CWE-697 TensorFlow has Floating Point Exception in AudioSpectrogram TensorFlow has Floating Point Exception in AudioSpectrogram FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with