Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2024-37535 [MEDIUM] CWE-400 GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476. GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi

CVE-2012-6687 [MEDIUM] CVE-2012-6687: Mariner: Mariner cve@mitre Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2024-35235 [MEDIUM] CWE-59 Cupsd Listen arbitrary chmod 0140777 Cupsd Listen arbitrary chmod 0140777 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is c

CVE-2024-37891 [MEDIUM] CWE-669 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most r

CVE-2024-38571 [MEDIUM] CWE-476 thermal/drivers/tsens: Fix null pointer dereference thermal/drivers/tsens: Fix null pointer dereference FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-5742 [MEDIUM] CWE-59 Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits t

CVE-2024-36481 [MEDIUM] CWE-754 tracing/probes: fix error check in parse_btf_field() tracing/probes: fix error check in parse_btf_field() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2013-4420 [MEDIUM] CVE-2013-4420: Mariner: Mariner secalert@redhat Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2015-2987 [LOW] CVE-2015-2987: Mariner: Mariner vultures@jpcert Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2024-4323 [CRITICAL] CWE-122 Fluent Bit Memory Corruption Vulnerability Fluent Bit Memory Corruption Vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-29164 [CRITICAL] CWE-121 HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and i

CVE-2024-33874 [CRITICAL] CWE-120 HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with

CVE-2024-32615 [CRITICAL] CWE-787 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c caused by the earlier use of an initialized pointer. HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c caused by the earlier use of an initialized pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vul

CVE-2024-32613 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c a different vulnerability than CVE-2024-32612. HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c a different vulnerability than CVE-2024-32612. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulne

CVE-2024-33601 [HIGH] CWE-617 nscd: netgroup cache may terminate daemon on memory allocation failure nscd: netgroup cache may terminate daemon on memory allocation failure FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-26983 [HIGH] CWE-416 bootconfig: use memblock_free_late to free xbc memory to buddy bootconfig: use memblock_free_late to free xbc memory to buddy FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-32465 [HIGH] CWE-22 Git's protections for cloning untrusted repositories can be bypassed Git's protections for cloning untrusted repositories can be bypassed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour

CVE-2024-32616 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment t

CVE-2024-4068 [HIGH] CWE-1050 Memory Exhaustion in braces Memory Exhaustion in braces FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpa

CVE-2024-26934 [HIGH] CWE-667 USB: core: Fix deadlock in usb_deauthorize_interface() USB: core: Fix deadlock in usb_deauthorize_interface() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the