MSRC CBL-Mariner 2.0 ARM vulnerabilities

1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_arm.

Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38

Vulnerabilities

CVE-2023-46752 | MEDIUM | CVSS 5.9 | 2023-10-10
CVE-2023-46752 [MEDIUM] An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the
msrc
CVE-2023-46316 | MEDIUM | CVSS 5.5 | 2023-10-10
CVE-2023-46316 [MEDIUM] CWE-234 In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3 the wrapper scripts do not properly parse command lines. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment t
msrc
CVE-2023-43804 | MEDIUM | CVSS 5.9 | 2023-10-10
CVE-2023-43804 [MEDIUM] CWE-200 `Cookie` HTTP header isn't stripped on cross-origin redirects. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie
msrc
CVE-2023-45803 | MEDIUM | CVSS 4.2 | 2023-10-10
CVE-2023-45803 [MEDIUM] CWE-200 Request body not stripped after redirect in urllib3. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis
msrc
CVE-2023-46753 | MEDIUM | CVSS 5.9 | 2023-10-10
CVE-2023-46753 [MEDIUM] CWE-863 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes e.g. one with only an unknown transit attribute. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is ther
msrc
CVE-2023-46118 | MEDIUM | CVSS 4.9 | 2023-10-10
CVE-2023-46118 [MEDIUM] CWE-400 Denial of Service by publishing large messages over the HTTP API. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li
msrc
CVE-2023-47090 | MEDIUM | CVSS 6.5 | 2023-10-10
CVE-2023-47090 [MEDIUM] CWE-863 NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access even when the intention of the configuration was for each user to have an account. The
msrc
CVE-2023-38039 | LOW | CVSS 7.5 | 2023-10-10
CVE-2023-38039 [HIGH] Hackerone: CVE-2023-38039 HTTP headers eat all memory. NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-38039 FAQ: 1. When will an update be available to address this vulnerability? Microsoft is fully aware of this issue and is actively working to release version 8.4.0 of curl.exe in a future Windows update for currently supported, on-premise versions of Windows clients and servers. The Security Updates table
msrc
CVE-2023-38546 | LOW | CVSS 3.7 | 2023-10-10
CVE-2023-38546 [LOW] This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met. libcurl performs transfers. In its API an application creates "easy handles" that are the individual handles for single transfers. libcurl
msrc
CVE-2023-36328 | CRITICAL | CVSS 9.8 | 2023-09-12
CVE-2023-36328 [CRITICAL] CWE-190 Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows attackers to execute arbitrary code and cause a denial of service (DoS). FAQ: Is Azure Linux the only Microsoft product that includes this ope
msrc
CVE-2023-4504 | HIGH | CVSS 7.0 | 2023-09-12
CVE-2023-4504 [HIGH] CWE-787 OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whic
msrc
CVE-2023-4782 | HIGH | CVSS 7.8 | 2023-09-12
CVE-2023-4782 [MEDIUM] CWE-22 Terraform Allows Arbitrary File Write During Init Operation. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with
msrc
CVE-2023-42753 | HIGH | CVSS 7.8 | 2023-09-12
CVE-2023-42753 [HIGH] CWE-787 Kernel: netfilter: potential slab-out-of-bound access due to integer underflow. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers
msrc
CVE-2023-4807 | HIGH | CVSS 7.8 | 2023-09-12
CVE-2023-4807 [HIGH] CWE-440 POLY1305 MAC implementation corrupts XMM registers on Windows. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w
msrc
CVE-2023-42821 | HIGH | CVSS 7.5 | 2023-09-12
CVE-2023-42821 [HIGH] CWE-125 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th
msrc
CVE-2023-5156 | HIGH | CVSS 7.5 | 2023-09-12
CVE-2023-5156 [HIGH] CWE-401 Glibc: dos due to memory leak in getaddrinfo.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compos
msrc
CVE-2023-41051 | MEDIUM | CVSS 4.7 | 2023-09-12
CVE-2023-41051 [LOW] CWE-125 Default functions in VolatileMemory trait lack bounds checks in vm-memory. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the
msrc
CVE-2023-5215 | MEDIUM | CVSS 6.5 | 2023-09-12
CVE-2023-5215 [MEDIUM] CWE-252 Libnbd: crash or misbehaviour when nbd server returns an unexpected block size. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ver
msrc
CVE-2023-4039 | MEDIUM | CVSS 4.8 | 2023-09-12
CVE-2023-4039 [MEDIUM] CWE-693 GCC's -fstack-protector fails to guard dynamically-sized local variables on AArch64. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most se
msrc
CVE-2022-36648 | CRITICAL | CVSS 10.0 | 2023-08-08
CVE-2022-36648 [CRITICAL] CWE-476 The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU as used in 7.0.0 and earlier allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has
msrc