Msrc Cbl Mariner 2.0 Arm vulnerabilities

1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_arm.

Total CVEs

1,677

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL92HIGH705MEDIUM842LOW38

Vulnerabilities

Page 27 of 84

CVE-2024-39484MEDIUMCVSS 5.52024-07-09

CVE-2024-39484 [MEDIUM] CWE-770 mmc: davinci: Don't strip remove function when driver is builtin mmc: davinci: Don't strip remove function when driver is builtin FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

msrc

CVE-2024-42161MEDIUMCVSS 6.32024-07-09

CVE-2024-42161 [MEDIUM] CWE-908 bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

msrc

CVE-2024-42101MEDIUMCVSS 5.52024-07-09

CVE-2024-42101 [MEDIUM] CWE-476 drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

msrc

CVE-2024-40725MEDIUMCVSS 5.32024-07-09

CVE-2024-40725 [MEDIUM] CWE-668 Apache HTTP Server: source code disclosure with handlers configured via AddType Apache HTTP Server: source code disclosure with handlers configured via AddType FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure

msrc

CVE-2024-42224MEDIUMCVSS 6.12024-07-09

CVE-2024-42224 [MEDIUM] CWE-754 net: dsa: mv88e6xxx: Correct check for empty list net: dsa: mv88e6xxx: Correct check for empty list FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

msrc

CVE-2024-36387MEDIUMCVSS 5.42024-07-09

CVE-2024-36387 [MEDIUM] CWE-476 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

msrc

CVE-2024-39331CRITICALCVSS 9.82024-06-11

CVE-2024-39331 [CRITICAL] CWE-94 In Emacs before 29.4 org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function such as shell-command-to-string. This affects Org Mode before 9.7.5. In Emacs before 29.4 org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function such as shell-command-to-string. This affects Org Mode before 9.7.5. FAQ: Is Azure Linux the only Microsoft product that includes this open

msrc

CVE-2008-3908CRITICALCVSS 10.02024-06-11

CVE-2008-3908 [CRITICAL] CVE-2008-3908: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2008-3908 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: wordnet Reference: https://nvd.nist.gov/vuln/detail/CVE-2008-3908

msrc

CVE-2024-29039CRITICALCVSS 9.02024-06-11

CVE-2024-29039 [CRITICAL] CWE-807 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur

msrc

CVE-2008-0888CRITICALCVSS 9.32024-06-11

CVE-2008-0888 [CRITICAL] CVE-2008-0888: Mariner: Mariner secalert@redhat Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

msrc

CVE-2024-37371CRITICALCVSS 9.12024-06-11

CVE-2024-37371 [CRITICAL] In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected b

msrc

CVE-2024-38588HIGHCVSS 7.82024-06-11

CVE-2024-38588 [HIGH] CWE-416 ftrace: Fix possible use-after-free issue in ftrace_location() ftrace: Fix possible use-after-free issue in ftrace_location() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

msrc

CVE-2014-0069HIGHCVSS 7.22024-06-11

CVE-2014-0069 [HIGH] CVE-2014-0069: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2014-0069 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: kernel Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-0069

msrc

CVE-2024-36477HIGHCVSS 7.82024-06-11

CVE-2024-36477 [HIGH] CWE-125 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

msrc

CVE-2024-33655HIGHCVSS 7.52024-06-11

CVE-2024-33655 [HIGH] CWE-400 The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds such that responses are The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds such that responses are later sent in a pulsing burst (which can be considered traffic amplif

msrc

CVE-2024-38664HIGHCVSS 7.82024-06-11

CVE-2024-38664 [HIGH] CWE-667 drm: zynqmp_dpsub: Always register bridge drm: zynqmp_dpsub: Always register bridge FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

msrc

CVE-2024-4032HIGHCVSS 7.52024-06-11

CVE-2024-4032 [HIGH] CWE-697 Incorrect IPv4 and IPv6 private ranges Incorrect IPv4 and IPv6 private ranges FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

msrc

CVE-2024-37890HIGHCVSS 7.52024-06-11

CVE-2024-37890 [HIGH] CWE-476 Denial of service when handling a request with many HTTP headers in ws Denial of service when handling a request with many HTTP headers in ws FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

msrc

CVE-2004-2771HIGHCVSS 7.52024-06-11

CVE-2004-2771 [HIGH] CVE-2004-2771: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2004-2771 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: mailx Reference: https://nvd.nist.gov/vuln/detail/CVE-2004-2771

msrc

CVE-2010-2891HIGHCVSS 7.5PoC2024-06-11

CVE-2010-2891 [HIGH] CVE-2010-2891: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2010-2891 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: libsmi Reference: https://nvd.nist.gov/vuln/detail/CVE-2010-2891

msrc

← Previous27 / 84Next →