Msrc Cbl Mariner 1.0 Arm vulnerabilities

CVE-2007-4559 [CRITICAL] CVE-2007-4559: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2007-4559 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: python3 Reference: https://nvd.nist.gov/vuln/detail/CVE-2007-4559 Remediation: python2

CVE-2022-2601 [HIGH] CWE-121 Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2022-2601 FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in th

CVE-2022-3775 [HIGH] CWE-122 Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2022-3775 FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly ava

CVE-2023-0464 [HIGH] OpenSSL: CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints OpenSSL: CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-0464 Mariner: Mariner OpenSSL Software Foundation: OpenSSL Software Foundation Customer Action Required: Yes Remediation: edk2 Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-0464 Remediation: hvloader Remediation: nodejs18 Remediation: op

CVE-2008-0888 [CRITICAL] CVE-2008-0888: Mariner: Mariner secalert@redhat Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2013-4342 [HIGH] CVE-2013-4342: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2013-4342 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: xinetd Reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4342

CVE-2014-9636 [MEDIUM] CVE-2014-9636: Mariner: Mariner cve@mitre Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2015-7696 [MEDIUM] CVE-2015-7696: Mariner: Mariner cve@mitre Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2007-2768 [MEDIUM] CVE-2007-2768: Mariner: Mariner cve@mitre Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2015-7697 [MEDIUM] CVE-2015-7697: Mariner: Mariner cve@mitre Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2012-6687 [MEDIUM] CVE-2012-6687: Mariner: Mariner cve@mitre Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2013-4420 [MEDIUM] CVE-2013-4420: Mariner: Mariner secalert@redhat Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2015-2987 [LOW] CVE-2015-2987: Mariner: Mariner vultures@jpcert Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2022-35737 [HIGH] MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2022-35737 FAQ: Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)? CVE-2022-35737 is regarding a vulnerability in SQLite. MITRE assigned this CVE number on behalf of the SQLite organization. Microsoft has included the updated library in Windows that addresses this vulnerabili

CVE-2023-3611 [HIGH] CWE-787 Out-of-bounds write in Linux kernel's net/sched: sch_qfq component Out-of-bounds write in Linux kernel's net/sched: sch_qfq component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source l

CVE-2023-3609 [HIGH] CWE-416 Use-after-free in Linux kernel's net/sched: cls_u32 component Use-after-free in Linux kernel's net/sched: cls_u32 component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w

CVE-2023-3776 [HIGH] CWE-416 Use-after-free in Linux kernel's net/sched: cls_fw component Use-after-free in Linux kernel's net/sched: cls_fw component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wit

CVE-2023-3610 [HIGH] CWE-416 Use-after-free in Linux kernel's netfilter: nf_tables component Use-after-free in Linux kernel's netfilter: nf_tables component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2023-3863 [MEDIUM] CWE-416 Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wit

CVE-2023-38409 [MEDIUM] CWE-362 An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc the fbcon_registered_fb and fbcon_di An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2f