Msrc Cbl2 Python3 3.9.19-13 On Cbl Mariner 2.0 vulnerabilities

32 known vulnerabilities affecting msrc/cbl2_python3_3.9.19-13_on_cbl_mariner_2.0.

Total CVEs: 32
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 12, LOW 4

Vulnerabilities

Page 1 of 2
CVE-2025-4517 | CRITICAL | CVSS 9.4 | 2025-06-10
CVE-2025-4517 [CRITICAL] CWE-22 Arbitrary writes via tarfile realpath overflow. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com
msrc
CVE-2025-4138 | HIGH | CVSS 7.5 | 2025-06-10
CVE-2025-4138 [HIGH] CWE-22 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
msrc
CVE-2025-4330 | HIGH | CVSS 7.5 | 2025-06-10
CVE-2025-4330 [HIGH] CWE-22 Extraction filter bypass for linking outside extraction directory
msrc
CVE-2025-50181 | MEDIUM | CVSS 5.3 | 2025-06-10
CVE-2025-50181 [MEDIUM] CWE-601 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
msrc
CVE-2025-6069 | MEDIUM | CVSS 4.3 | 2025-06-10
CVE-2025-6069 [MEDIUM] CWE-1333 HTMLParser quadratic complexity when processing malformed inputs
msrc
CVE-2024-12718 | MEDIUM | CVSS 4.3 | 2025-06-10
CVE-2024-12718 [MEDIUM] CWE-22 Bypass extraction filter to modify file metadata outside extraction directory
msrc
CVE-2025-4516 | MEDIUM | CVSS 5.9 | 2025-05-13
CVE-2025-4516 [MEDIUM] CWE-416 Use-after-free in "unicode_escape" decoder with error handler
msrc
CVE-2024-8176 | HIGH | CVSS 7.5 | 2025-03-11
CVE-2024-8176 [HIGH] CWE-674 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
msrc
CVE-2025-1795 | LOW | CVSS 2.3 | 2025-02-11
CVE-2025-1795 [LOW] Mishandling of comma during folding and unicode-encoding of email headers
msrc
CVE-2025-25183 | LOW | CVSS 2.6 | 2025-02-11
CVE-2025-25183 [LOW] CWE-354 vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache
msrc
CVE-2024-3220 | LOW | CVSS 2.3 | 2025-02-11
CVE-2024-3220 [LOW] CWE-426 Default mimetype known files writeable on Windows
msrc
CVE-2024-11168 | LOW | CVSS 3.7 | 2024-11-12
CVE-2024-11168 [MEDIUM] CWE-918 Improper validation of IPv6 and IPvFuture addresses
msrc
CVE-2024-9287 | HIGH | CVSS 7.8 | 2024-10-08
CVE-2024-9287 [MEDIUM] CWE-428 Virtual environment (venv) activation scripts don't quote paths
msrc
CVE-2024-50602 | MEDIUM | CVSS 5.9 | 2024-10-08
CVE-2024-50602 [MEDIUM] CWE-754 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
msrc
CVE-2024-6232 | HIGH | CVSS 7.5 | 2024-09-10
CVE-2024-6232 [HIGH] CWE-1333 Regular-expression DoS when parsing TarFile headers
msrc
CVE-2024-45491 | CRITICAL | CVSS 9.8 | 2024-08-13
CVE-2024-45491 [CRITICAL] CWE-190 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
msrc
CVE-2024-45492 | CRITICAL | CVSS 9.8 | 2024-08-13
CVE-2024-45492 [CRITICAL] CWE-190 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
msrc
CVE-2024-7592 | HIGH | CVSS 7.5 | 2024-08-13
CVE-2024-7592 [HIGH] CWE-1333 Quadratic complexity parsing cookies with backslashes
msrc
CVE-2024-45490 | HIGH | CVSS 7.5 | 2024-08-13
CVE-2024-45490 [HIGH] CWE-611 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
msrc
CVE-2024-8088 | HIGH | CVSS 8.7 | 2024-08-13
CVE-2024-8088 [HIGH] CWE-835 Infinite loop when iterating over zip archive entry names from zipfile.Path
msrc