Msrc Cbl Mariner 1.0 Arm vulnerabilities

CVE-2019-3842 [HIGH] CWE-863 In systemd before v242-rc4 it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker in some particular configura In systemd before v242-rc4 it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker in some particular configurations to set a XDG_SEAT environment variable which allows for commands

CVE-2019-3886 [MEDIUM] CWE-862 An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing uni An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block

CVE-2019-2708 [LOW] Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138 prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows l Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138 prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastru

CVE-2019-3832 [MEDIUM] CWE-125 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. FAQ: Is Azure Linux the only Mi

CVE-2019-6454 [MEDIUM] CWE-787 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sendin

CVE-2019-9169 [CRITICAL] CWE-125 In the GNU C Library (aka glibc or libc6) through 2.29 proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. In the GNU C Library (aka glibc or libc6) through 2.29 proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is t

CVE-2019-9075 [HIGH] CWE-787 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. FAQ: Is Azure Linux the only Microsoft product that includes this

CVE-2019-9070 [HIGH] CWE-125 An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially a

CVE-2019-9077 [HIGH] CWE-787 An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the

CVE-2019-5736 [HIGH] CWE-78 runc through 1.0-rc6 as used in Docker before 18.09.2 and other products allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to exec runc through 1.0-rc6 as used in Docker before 18.09.2 and other products allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a ne

CVE-2018-20796 [HIGH] CWE-674 In the GNU C Library (aka glibc or libc6) through 2.29 check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. In the GNU C Library (aka glibc or libc6) through 2.29 check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is th

CVE-2019-1003010 [MEDIUM] CWE-352 A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most r

CVE-2019-9072 [MEDIUM] CWE-770 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library an

CVE-2019-9071 [MEDIUM] CWE-674 An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore

CVE-2019-7309 [MEDIUM] In the GNU C Library (aka glibc or libc6) through 2.29 the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant In the GNU C Library (aka glibc or libc6) through 2.29 the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. FAQ: Is Azure Linux the only Microsoft product that incl

CVE-2019-9076 [MEDIUM] CWE-770 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source libr

CVE-2019-9073 [MEDIUM] CWE-770 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. FAQ: Is Azure Linux the only Microsoft product that include

CVE-2019-9074 [MEDIUM] CWE-125 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c when calle An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c when called from pex64_get_runtime_function in pei-x86_64.c. FAQ: Is Azure Li

CVE-2018-16865 [HIGH] CWE-770 An allocation of memory without limits that could result in the stack clashing with another memory region was discovered in systemd-journald when many entries are sent to the journal socket. A local a An allocation of memory without limits that could result in the stack clashing with another memory region was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker or a remote one if systemd-journal-remote is used may use thi

CVE-2018-16864 [HIGH] CWE-770 An allocation of memory without limits that could result in the stack clashing with another memory region was discovered in systemd-journald when a program with long command line arguments calls syslo An allocation of memory without limits that could result in the stack clashing with another memory region was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or es