Msrc Cbl Mariner 1.0 X64 vulnerabilities

CVE-2019-18874 [HIGH] CWE-415 psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor

CVE-2019-18276 [HIGH] CWE-273 An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default if Bash is run with its effective UID not equal to its real UID it will drop privileges by setting An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default if Bash is run with its effective UID not equal to its real UID it will drop privileges by setting its effective UID to its real UID. However it does so incorrectly. On

CVE-2019-16201 [HIGH] CWE-287 WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

CVE-2019-12625 [HIGH] CWE-404 ClamAV Zip Bomb Vulnerability ClamAV Zip Bomb Vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tra

CVE-2019-6470 [MEDIUM] dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and m

CVE-2019-16255 [HIGH] CWE-94 Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. FAQ: Is A

CVE-2019-16254 [MEDIUM] CWE-74 Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header an attacker can exploit it to Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header an attacker can exploit it to insert a newline character to split a header and inject malicious c

CVE-2019-15845 [MEDIUM] Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the

CVE-2019-19126 [LOW] CWE-665 On the x86-64 architecture the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition allowing loc On the x86-64 architecture the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition allowing local attackers to restrict the possible mapping addresses for loaded lib

CVE-2018-21029 [CRITICAL] CWE-295 systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent and there is no hostname validation with the GnuTLS systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a

CVE-2019-16905 [HIGH] CWE-190 OpenSSH 7.7 through 7.9 and 8.x before 8.1 when compiled with an experimental key type has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This lea OpenSSH 7.7 through 7.9 and 8.x before 8.1 when compiled with an experimental key type has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error

CVE-2018-16301 [HIGH] CWE-120 The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesyste The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line ar

CVE-2019-17498 [HIGH] CWE-190 In libssh2 v1.9.0 and earlier versions the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subs In libssh2 v1.9.0 and earlier versions the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sens

CVE-2019-18348 [MEDIUM] CWE-74 An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the first An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the h

CVE-2019-17450 [MEDIUM] CWE-674 find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32 allows remote attackers to cause a denial of service (infinite recursion find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. FAQ: Is Azure Linu

CVE-2019-17451 [MEDIUM] CWE-190 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dw An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c as demonstrated by nm. FAQ: Is Azure Linux the only Microso

CVE-2019-16884 [HIGH] CWE-863 runc through 1.0.0-rc8 as used in Docker through 19.03.2-ce and other products allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets and thus a malic runc through 1.0.0-rc8 as used in Docker through 19.03.2-ce and other products allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets and thus a malicious Docker image can mount over a /proc directory. FAQ: Is Azure Li

CVE-2019-15847 [HIGH] CWE-331 The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call thus reducing the entropy of the random number ge The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified

CVE-2019-5094 [HIGH] CWE-787 An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap resulting in cod An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap resulting in code execution. An attacker can corrupt a partition to trigger this vulne

CVE-2019-16275 [MEDIUM] CWE-346 hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service tha hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protectio