MSRC CBL-Mariner 1.0 ARM vulnerabilities

808 known vulnerabilities affecting msrc/cbl_mariner_1.0_arm.

Total CVEs: 808
CISA KEV: 2 (actively exploited)
Public exploits: 17
Exploited in wild: 1
Severity breakdown: CRITICAL 40, HIGH 349, MEDIUM 383, LOW 36

Vulnerabilities

CVE-2021-46659 | MEDIUM | CVSS 5.5 | 2022-01-11
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Az
msrc
CVE-2021-4160 | MEDIUM | CVSS 5.9 | 2022-01-11
BN_mod_exp may produce incorrect results on MIPS
msrc
CVE-2021-44733 | HIGH | CVSS 7.0 | 2021-12-14
CWE-362: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
msrc
CVE-2021-45485 | HIGH | CVSS 7.5 | 2021-12-14
CWE-327: In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source address
msrc
CVE-2015-3276 | HIGH | CVSS 7.5 | 2021-12-14
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3276 Mariner: Mariner Exploit Status: DOS:N/A Remediation: openldap
msrc
CVE-2021-4166 | HIGH | CVSS 7.1 | 2021-12-14
CWE-125: Out-of-bounds Read in vim/vim
msrc
CVE-2021-45469 | HIGH | CVSS 7.8 | 2021-12-14
CWE-125: In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
msrc
CVE-2021-4192 | HIGH | CVSS 7.8 | 2021-12-14
CWE-416: Use After Free in vim/vim
msrc
CVE-2021-4173 | HIGH | CVSS 7.8 | 2021-12-14
CWE-416: Use After Free in vim/vim
msrc
CVE-2021-4193 | MEDIUM | CVSS 5.5 | 2021-12-14
CWE-125: Out-of-bounds Read in vim/vim
msrc
CVE-2021-43896 | MEDIUM | CVSS 5.5 | 2021-12-14
Microsoft PowerShell Spoofing Vulnerability. NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2021-43896 Microsoft PowerShell: Microsoft PowerShell Microsoft: Microsoft Impact: Spoofing Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A Remediation: powershell Remediation: Release Notes Reference: https://github.
msrc
CVE-2021-45486 | LOW | CVSS 3.5 | 2021-12-14
CWE-327: In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
msrc
CVE-2021-41771 | HIGH | CVSS 7.5 | 2021-11-09
CWE-119: ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
msrc
CVE-2021-37322 | HIGH | CVSS 7.8 | 2021-11-09
CWE-416: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
msrc
CVE-2021-41772 | HIGH | CVSS 7.5 | 2021-11-09
CWE-20: Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
msrc
CVE-2021-3572 | MEDIUM | CVSS 5.7 | 2021-11-09
CWE-20: A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in
msrc
CVE-2021-44225 | MEDIUM | CVSS 5.4 | 2021-11-09
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (wri
msrc
CVE-2021-22931 | CRITICAL | CVSS 9.8 | 2021-08-10
CWE-20: Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Doma
msrc
CVE-2021-40330 | HIGH | CVSS 7.5 | 2021-08-10
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
msrc
CVE-2021-3712 | HIGH | CVSS 7.4 | 2021-08-10
CWE-125: Read buffer overruns processing ASN.1 strings
msrc