MSRC Azure Linux 3.0 x64 vulnerabilities

1,294 known vulnerabilities affecting msrc/azure_linux_3.0_x64.

Total CVEs: 1,294
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 72, HIGH 496, MEDIUM 697, LOW 28, UNKNOWN 1

Vulnerabilities

Page 55 of 65
CVE-2021-33391 | CRITICAL | CVSS 9.8 | 2023-02-14
CVE-2021-33391 [CRITICAL] CWE-416 An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.
msrc
CVE-2023-26253 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2023-26253 [HIGH] CWE-125 In Gluster GlusterFS 11.0 there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.
msrc
CVE-2022-41722 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2022-41722 [HIGH] CWE-22 Path traversal on Windows in path/filepath
msrc
CVE-2021-37501 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2021-37501 [HIGH] CWE-787 Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
msrc
CVE-2022-31394 | HIGH | CVSS 7.5 | 2023-02-14
CVE-2022-31394 [HIGH] CWE-770 Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software allowing attackers to perform HTTP2 attacks.
msrc
CVE-2023-23931 | MEDIUM | CVSS 6.5 | 2023-02-14
CVE-2023-23931 [MEDIUM] CWE-754 Cipher.update_into can corrupt memory in pyca cryptography
msrc
CVE-2023-25153 | MEDIUM | CVSS 5.5 | 2023-02-14
CVE-2023-25153 [MEDIUM] CWE-770 containerd OCI image importer memory exhaustion
msrc
CVE-2023-25012 | MEDIUM | CVSS 4.6 | 2023-02-14
CVE-2023-25012 [MEDIUM] CWE-416 The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
msrc
CVE-2023-23916 | MEDIUM | CVSS 6.5 | 2023-02-14
CVE-2023-23916 [MEDIUM] CWE-770 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms meaning that a server response can be compressed multip
msrc
CVE-2023-23915 | MEDIUM | CVSS 6.5 | 2023-02-14
CVE-2023-23915 [MEDIUM] CWE-319 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using it
msrc
CVE-2022-48285 | HIGH | CVSS 7.3 | 2023-01-10
CVE-2022-48285 [HIGH] CWE-22 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
msrc
CVE-2022-3650 | HIGH | CVSS 7.8 | 2023-01-10
CVE-2022-3650 [HIGH] CWE-842 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump and dump privileged information.
msrc
CVE-2022-4415 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2022-4415 [MEDIUM] CWE-200 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
msrc
CVE-2023-22466 | MEDIUM | CVSS 5.4 | 2023-01-10
CVE-2023-22466 [MEDIUM] CWE-665 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe
msrc
CVE-2022-3437 | MEDIUM | CVSS 6.5 | 2023-01-10
CVE-2022-3437 [MEDIUM] CWE-122 A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() alloca
msrc
CVE-2021-4238 | CRITICAL | CVSS 9.1 | 2022-12-13
CVE-2021-4238 [CRITICAL] CWE-331 Insufficient randomness in github.com/Masterminds/goutils
msrc
CVE-2021-33640 | CRITICAL | CVSS 9.8 | 2022-12-13
CVE-2021-33640 [MEDIUM] CWE-416 After tar_close() libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function it continues to use pointer t: free_longlink_longname(t->th_buf). As a result the released memory is used (use-after-free).
msrc
CVE-2022-32221 | CRITICAL | CVSS 9.8 | 2022-12-13
CVE-2022-32221 [CRITICAL] CWE-668 When doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle previously was used to issue a `PUT` request which used that call
msrc
CVE-2022-44640 | CRITICAL | CVSS 9.8 | 2022-12-13
CVE-2022-44640 [CRITICAL] Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
msrc
CVE-2021-44758 | HIGH | CVSS 7.5 | 2022-12-13
CVE-2021-44758 [HIGH] CWE-476 Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
msrc