Msrc Cbl2 Ceph 16.2.10-7 On Cbl Mariner 2.0 vulnerabilities
30 known vulnerabilities affecting msrc/cbl2_ceph_16.2.10-7_on_cbl_mariner_2.0.
Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 8, MEDIUM 16, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2025-52939 CRITICAL CVSS 9.4 2025-06-10
CVE-2025-52939 [CRITICAL] CWE-787 Potential heap-buffer overflow vulnerability in NotepadNext
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries
msrc
CVE-2023-43040 MEDIUM CVSS 6.5 2024-05-14
CVE-2023-43040 [MEDIUM] CWE-1220 IBM Spectrum Fusion HCI improper access control
msrc
CVE-2020-22217 MEDIUM CVSS 5.9 2023-08-08
CVE-2020-22217 [MEDIUM] CWE-125 Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
msrc
CVE-2023-31130 MEDIUM CVSS 6.4 2023-05-09
CVE-2023-31130 [MEDIUM] CWE-787 Buffer Underwrite in ares_inet_net_pton()
msrc
CVE-2023-31147 MEDIUM CVSS 5.9 2023-05-09
CVE-2023-31147 [MEDIUM] CWE-330 Insufficient randomness in generation of DNS query IDs in c-ares
msrc
CVE-2022-3854 MEDIUM CVSS 6.5 2023-03-14
CVE-2022-3854 [MEDIUM] CWE-177 A flaw was found in Ceph relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW causing a denial of service.
msrc
CVE-2022-3650 HIGH CVSS 7.8 2023-01-10
CVE-2022-3650 [HIGH] CWE-842 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump and dump privileged information.
msrc
CVE-2021-3672 MEDIUM CVSS 5.6 2021-11-09
CVE-2021-3672 [MEDIUM] CWE-79 A flaw was found in c-ares library where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confid
msrc
CVE-2020-27304 CRITICAL CVSS 9.8 2021-10-12
CVE-2020-27304 [CRITICAL] CWE-22 The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows when using the built-in HTTP form-based file upload mechanism via the mg_handle_form_request API. Web applications that use the file upload form handler and use pa
msrc
CVE-2021-28361 HIGH CVSS 7.5 2021-03-09
CVE-2021-28361 [HIGH] CWE-476 An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected) the iSCSI target can crash with a NULL pointer dereference.
msrc
CVE-2021-24032 MEDIUM CVSS 4.7 2021-03-09
CVE-2021-24032 [MEDIUM] CWE-276 Beginning in v1.4.1 and prior to v1.4.9 due to an incomplete fix for CVE-2021-24031 the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be r
msrc
CVE-2020-14376 HIGH CVSS 7.8 2020-09-08
CVE-2020-14376 [HIGH] CWE-120 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality
msrc
CVE-2020-14378 LOW CVSS 3.3 2020-09-08
CVE-2020-14378 [LOW] CWE-191 An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop.
msrc
CVE-2020-13630 HIGH CVSS 7.0 2020-05-12
CVE-2020-13630 [HIGH] CWE-416 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow related to the snippet feature.
msrc
CVE-2020-10724 MEDIUM CVSS 5.1 2020-05-12
CVE-2020-10724 [MEDIUM] CWE-190 A vulnerability was found in DPDK versions 18.11 and above
msrc
CVE-2020-13435 MEDIUM CVSS 5.5 2020-05-12
CVE-2020-13435 [MEDIUM] CWE-476 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
msrc
CVE-2020-13632 MEDIUM CVSS 5.5 2020-05-12
CVE-2020-13632 [MEDIUM] CWE-476 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
msrc
CVE-2020-13434 MEDIUM CVSS 5.5 2020-05-12
CVE-2020-13434 [MEDIUM] CWE-190 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
msrc
CVE-2020-10722 MEDIUM CVSS 5.1 2020-05-12
CVE-2020-10722 [MEDIUM] CWE-190 A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
msrc
CVE-2020-13631 MEDIUM CVSS 5.5 2020-05-12
CVE-2020-13631 [MEDIUM] SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables related to alter.c and build.c.
msrc