Msrc Cbl Mariner 1.0 Arm vulnerabilities
808 known vulnerabilities affecting msrc/cbl_mariner_1.0_arm.
Total CVEs: 808
CISA KEV: 2 (actively exploited)
Public exploits: 17
Exploited in wild: 1
Severity breakdown: CRITICAL 40, HIGH 349, MEDIUM 383, LOW 36
Vulnerabilities
Page 19 of 41
CVE-2021-31162 | CRITICAL | CVSS 9.8 | 2021-04-13
CVE-2021-31162 [CRITICAL] CWE-415 In the standard library in Rust before 1.52.0 a double free can occur in the Vec::from_iter function if freeing the element panics.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose t
msrc
CVE-2021-25216 | CRITICAL | CVSS 9.8 | 2021-04-13
CVE-2021-25216 [HIGH] CWE-125 A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
msrc
CVE-2020-36318 | CRITICAL | CVSS 9.8 | 2021-04-13
CVE-2020-36318 [CRITICAL] CWE-415 In the standard library in Rust before 1.49.0 VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
msrc
CVE-2021-26291 | CRITICAL | CVSS 9.1 | 2021-04-13
CVE-2021-26291 [CRITICAL] CWE-346 block repositories using http by default
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic
msrc
CVE-2020-36317 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2020-36317 [HIGH] CWE-787 In the standard library in Rust before 1.49.0 String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF
msrc
CVE-2021-29154 | HIGH | CVSS 7.8 | 2021-04-13
CVE-2021-29154 [HIGH] CWE-77 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
msrc
CVE-2021-1386 | HIGH | CVSS 7.8 | 2021-04-13
CVE-2021-1386 [HIGH] CWE-427 Cisco Advanced Malware Protection for Endpoints Windows Connector ClamAV for Windows and Immunet DLL Hijacking Vulnerability
msrc
CVE-2021-28965 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2021-28965 [HIGH] The REXML gem before 3.2.5 in Ruby before 2.6.7 2.7.x before 2.7.3 and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
msrc
CVE-2021-28875 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2021-28875 [HIGH] CWE-252 In the standard library in Rust before 1.50.0 read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
msrc
CVE-2021-28877 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2021-28877 [HIGH] CWE-119 In the standard library in Rust before 1.51.0 the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
msrc
CVE-2021-3506 | HIGH | CVSS 7.1 | 2021-04-13
CVE-2021-3506 [HIGH] CWE-125 An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of inter
msrc
CVE-2021-23133 | HIGH | CVSS 7.0 | 2021-04-13
CVE-2021-23133 [MEDIUM] CWE-362 Linux Kernel sctp_destroy_sock race condition
msrc
CVE-2020-36323 | HIGH | CVSS 8.2 | 2021-04-13
CVE-2020-36323 [HIGH] CWE-134 In the standard library in Rust before 1.52.0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
msrc
CVE-2021-25215 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2021-25215 [HIGH] CWE-617 An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself
msrc
CVE-2021-20305 | HIGH | CVSS 8.1 | 2021-04-13
CVE-2021-20305 [HIGH] CWE-787 A flaw was found in Nettle in versions before 3.7.2 where several Nettle signature verification functions (GOST DSA EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers possibly resulting in incor
msrc
CVE-2021-20294 | HIGH | CVSS 7.8 | 2021-04-13
CVE-2021-20294 [HIGH] CWE-787 A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is
msrc
CVE-2020-18032 | HIGH | CVSS 7.8 | 2021-04-13
CVE-2020-18032 [HIGH] CWE-120 Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
msrc
CVE-2021-1252 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2021-1252 [HIGH] CWE-835 Clam AntiVirus (ClamAV) Excel XLM Parser Denial of Service Vulnerability
msrc
CVE-2021-1404 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2021-1404 [HIGH] CWE-125 Clam AntiVirus (ClamAV) Email Parser Denial of Service Vulnerability
msrc
CVE-2021-1405 | HIGH | CVSS 7.5 | 2021-04-13
CVE-2021-1405 [HIGH] CWE-909 Clam AntiVirus (ClamAV) PDF Parser Denial of Service Vulnerability
msrc