MSRC CBL Mariner 2.0 ARM vulnerabilities

1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_arm.

Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38

Vulnerabilities

Page 38 of 84
CVE-2024-26458 | MEDIUM | CVSS 5.3 | 2024-02-13
CVE-2024-26458 [MEDIUM] Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur
msrc
CVE-2023-52447 | MEDIUM | CVSS 6.7 | 2024-02-13
CVE-2023-52447 [MEDIUM] CWE-416 bpf: Defer the free of inner map when necessary
msrc
CVE-2024-26587 | MEDIUM | CVSS 5.5 | 2024-02-13
CVE-2024-26587 [MEDIUM] CWE-476 net: netdevsim: don't try to destroy PHC on VFs
msrc
CVE-2023-52429 | MEDIUM | CVSS 5.5 | 2024-02-13
CVE-2023-52429 [MEDIUM] CWE-754 dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes and crash because of a missing check for struct dm_ioctl.target_count.
msrc
CVE-2023-52426 | MEDIUM | CVSS 5.5 | 2024-02-13
CVE-2023-52426 [MEDIUM] CWE-776 libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
msrc
CVE-2023-52160 | MEDIUM | CVSS 6.5 | 2024-02-13
CVE-2023-52160 [MEDIUM] CWE-287 The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication and an eap_peap_decrypt vulnerability can then
msrc
CVE-2023-6935 | MEDIUM | CVSS 5.9 | 2024-02-13
CVE-2023-6935 [MEDIUM] CWE-203 Marvin Attack vulnerability in SP Math All RSA
msrc
CVE-2024-26583 | MEDIUM | CVSS 4.7 | 2024-02-13
CVE-2024-26583 [MEDIUM] CWE-362 tls: fix race between async notify and socket close
msrc
CVE-2024-0853 | MEDIUM | CVSS 5.3 | 2024-02-13
CVE-2024-0853 [MEDIUM] CWE-295 OCSP verification bypass with TLS session reuse
msrc
CVE-2024-25620 | MEDIUM | CVSS 6.4 | 2024-02-13
CVE-2024-25620 [MEDIUM] CWE-22 Dependency management path traversal in helm
msrc
CVE-2023-6936 | MEDIUM | CVSS 5.3 | 2024-02-13
CVE-2023-6936 [MEDIUM] CWE-126 Heap-buffer over-read with WOLFSSL_CALLBACKS
msrc
CVE-2023-6937 | MEDIUM | CVSS 5.3 | 2024-02-13
CVE-2023-6937 [MEDIUM] CWE-20 Improper (D)TLS key boundary enforcement
msrc
CVE-2024-23653 | CRITICAL | CVSS 9.8 | 2024-01-09
CVE-2024-23653 [CRITICAL] CWE-863 BuildKit interactive containers API does not validate entitlements check
msrc
CVE-2024-21646 | CRITICAL | CVSS 9.8 | 2024-01-09
CVE-2024-21646 [CRITICAL] CWE-190 Azure IoT Platform Device SDK Remote Code Execution Vulnerability
msrc
CVE-2024-23652 | CRITICAL | CVSS 9.1 | 2024-01-09
CVE-2024-23652 [CRITICAL] CWE-22 BuildKit possible host system access from mount stub cleaner
msrc
CVE-2024-0409 | HIGH | CVSS 7.8 | 2024-01-09
CVE-2024-0409 [HIGH] CWE-787 Xorg-x11-server: selinux context corruption
msrc
CVE-2023-45232 | HIGH | CVSS 7.5 | 2024-01-09
CVE-2023-45232 [HIGH] CWE-835 Infinite loop in EDK II Network Package
msrc
CVE-2023-40548 | HIGH | CVSS 7.4 | 2024-01-09
CVE-2023-40548 [HIGH] CWE-787 Shim: integer overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems
msrc
CVE-2022-48622 | HIGH | CVSS 7.8 | 2024-01-09
CVE-2022-48622 [HIGH] CWE-787 In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10 the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata
msrc
CVE-2023-26159 | HIGH | CVSS 7.3 | 2024-01-09
CVE-2023-26159 [HIGH] CWE-601 Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error it can be manipulated to misinterpret the hostname. An attacker could exp
msrc