Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2024-28863 [MEDIUM] CWE-400 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep

CVE-2024-1441 [MEDIUM] CWE-193 Libvirt: off-by-one error in udevlistinterfacesbystatus() Libvirt: off-by-one error in udevlistinterfacesbystatus() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with wh

CVE-2024-2466 [MEDIUM] CWE-297 TLS certificate check bypass with mbedTLS TLS certificate check bypass with mbedTLS FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micr

CVE-2024-28180 [MEDIUM] CWE-409 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent an

CVE-2024-29041 [MEDIUM] CWE-601 Express.js Open Redirect in malformed URLs Express.js Open Redirect in malformed URLs FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2024-28849 [MEDIUM] CWE-200 Proxy-Authorization header kept across hosts in follow-redirects Proxy-Authorization header kept across hosts in follow-redirects FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-28085 [LOW] CWE-150 wall in util-linux through 2.40 often installed with setgid tty permissions allows escape sequences to be sent to other users' terminals through argv. (Specifically escape sequences received from stdi wall in util-linux through 2.40 often installed with setgid tty permissions allows escape sequences to be sent to other users' terminals through argv. (Specifically escape sequences received from stdin are blocked but escape sequences received from argv are not blocked.

CVE-2024-2004 [LOW] CWE-436 Usage of disabled protocol Usage of disabled protocol FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparenc

CVE-2024-27099 [CRITICAL] CWE-415 Azure IoT Platform Device SDK Double Free Vulnerability Azure IoT Platform Device SDK Double Free Vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2023-42282 [CRITICAL] CWE-918 The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi

CVE-2023-3966 [HIGH] CWE-248 Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure

CVE-2024-26455 [HIGH] CWE-416 fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to ke

CVE-2023-5679 [HIGH] Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rece

CVE-2024-24806 [HIGH] CWE-918 Improper Domain Lookup that potentially leads to SSRF attacks in libuv Improper Domain Lookup that potentially leads to SSRF attacks in libuv FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-24474 [HIGH] CWE-120 QEMU before 8.2.0 has an integer underflow and resultant buffer overflow via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in es QEMU before 8.2.0 has an integer underflow and resultant buffer overflow via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. FA

CVE-2024-26147 [HIGH] CWE-908 Helm's Missing YAML Content Leads To Panic Helm's Missing YAML Content Leads To Panic FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2024-26594 [HIGH] CWE-125 ksmbd: validate mech token in session setup ksmbd: validate mech token in session setup FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2024-27318 [HIGH] CWE-22 Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model cur Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as

CVE-2024-24557 [MEDIUM] CWE-346 Moby classic builder cache poisoning Moby classic builder cache poisoning FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-21886 [HIGH] CWE-122 Xorg-x11-server: heap buffer overflow in disabledevice Xorg-x11-server: heap buffer overflow in disabledevice FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the