Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2024-30261 [LOW] CWE-284 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep

CVE-2024-24786 [HIGH] CWE-1286 Infinite loop in JSON unmarshaling in google.golang.org/protobuf Infinite loop in JSON unmarshaling in google.golang.org/protobuf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2023-6597 [HIGH] An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1 3.11.7 3.10.13 3.9.18 and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference sym An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1 3.11.7 3.10.13 3.9.18 and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can

CVE-2024-30202 [HIGH] CWE-94 In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux d

CVE-2024-28960 [HIGH] CWE-284 An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0 and Mbed Crypto. The PSA Crypto API mishandles shared memory. An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0 and Mbed Crypto. The PSA Crypto API mishandles shared memory. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the m

CVE-2024-29018 [MEDIUM] CWE-669 External DNS requests from 'internal' networks could lead to data exfiltration External DNS requests from 'internal' networks could lead to data exfiltration FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve

CVE-2024-2398 [HIGH] CWE-772 HTTP/2 push headers memory-leak HTTP/2 push headers memory-leak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to

CVE-2024-28110 [HIGH] CWE-522 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mo

CVE-2024-22017 [HIGH] CWE-250 setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped suc setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects a

CVE-2024-27308 [HIGH] CWE-416 Mio's tokens for named pipes may be delivered after deregistration Mio's tokens for named pipes may be delivered after deregistration FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-30205 [HIGH] CWE-494 In Emacs before 29.3 Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. In Emacs before 29.3 Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is th

CVE-2024-0901 [HIGH] CWE-129 SEGV and out of bounds memory read from malicious packet SEGV and out of bounds memory read from malicious packet FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-27289 [HIGH] CWE-89 pgx SQL Injection via Line Comment Creation pgx SQL Injection via Line Comment Creation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mi

CVE-2024-22025 [MEDIUM] CWE-404 A vulnerability in Node.js has been identified allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The A vulnerability in Node.js has been identified allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node

CVE-2024-2494 [MEDIUM] CWE-789 Libvirt: negative g_new0 length can lead to unbounded memory allocation Libvirt: negative g_new0 length can lead to unbounded memory allocation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2024-0450 [MEDIUM] CWE-405 Quoted zip-bomb protection for zipfile Quoted zip-bomb protection for zipfile FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2023-39804 [MEDIUM] In GNU tar before 1.35 mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. In GNU tar before 1.35 mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the

CVE-2024-20328 [MEDIUM] CWE-78 ClamAV VirusEvent File Processing Command Injection Vulnerability ClamAV VirusEvent File Processing Command Injection Vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source l

CVE-2024-30203 [MEDIUM] In Emacs before 29.3 Gnus treats inline MIME contents as trusted. In Emacs before 29.3 Gnus treats inline MIME contents as trusted. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2023-7250 [MEDIUM] CWE-183 Iperf3: possible denial of service Iperf3: possible denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is commi