Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2021-33289 [HIGH] CWE-787 In NTFS-3G versions < 2021.8.22 when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. In NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and

CVE-2021-39255 [HIGH] CWE-125 A crafted NTFS image can trigger an out-of-bounds read caused by an invalid attribute in ntfs_attr_find_in_attrdef in NTFS-3G < 2021.8.22. A crafted NTFS image can trigger an out-of-bounds read caused by an invalid attribute in ntfs_attr_find_in_attrdef in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the

CVE-2021-39259 [HIGH] CWE-787 A crafted NTFS image can trigger an out-of-bounds access caused by an unsanitized attribute length in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. A crafted NTFS image can trigger an out-of-bounds access caused by an unsanitized attribute length in ntfs_inode_lookup_by_name in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our custo

CVE-2021-35266 [HIGH] CWE-787 In NTFS-3G versions < 2021.8.22 when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure denial of service and even cod In NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to kee

CVE-2021-39258 [HIGH] CWE-125 A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitmen

CVE-2021-35267 [HIGH] CWE-787 NTFS-3G versions < 2021.8.22 a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to dat

CVE-2021-39252 [HIGH] CWE-125 A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mos

CVE-2021-33287 [HIGH] CWE-787 In NTFS-3G versions < 2021.8.22 when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i a heap buffer overflow can occur and allow for writing to arbitrary memory or denial o In NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to kee

CVE-2021-41072 [HIGH] CWE-22 squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause un

CVE-2021-39261 [HIGH] CWE-787 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to dat

CVE-2021-35269 [HIGH] CWE-787 NTFS-3G versions < 2021.8.22 when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag a heap buffer overflow can occur allowing for code execution and escalat NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep i

CVE-2021-35268 [HIGH] CWE-787 In NTFS-3G versions < 2021.8.22 when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open a heap buffer overflow can occur allowing for code execution and escalation of privil In NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to kee

CVE-2021-33286 [HIGH] CWE-787 In NTFS-3G versions < 2021.8.22 when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. In NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent

CVE-2021-39262 [HIGH] CWE-787 A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent a

CVE-2021-33285 [HIGH] CWE-787 In NTFS-3G versions < 2021.8.22 when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value a heap buffer overflow can occur allowing for memory disclosure or denial o In NTFS-3G versions Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to kee

CVE-2021-39251 [HIGH] CWE-476 A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date wi

CVE-2021-39254 [HIGH] CWE-190 A crafted NTFS image can cause an integer overflow in memmove leading to a heap-based buffer overflow in the function ntfs_attr_record_resize in NTFS-3G < 2021.8.22. A crafted NTFS image can cause an integer overflow in memmove leading to a heap-based buffer overflow in the function ntfs_attr_record_resize in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of th

CVE-2021-39256 [HIGH] CWE-787 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up

CVE-2021-39263 [HIGH] CWE-787 A crafted NTFS image can trigger a heap-based buffer overflow caused by an unsanitized attribute in ntfs_get_attribute_value in NTFS-3G < 2021.8.22. A crafted NTFS image can trigger a heap-based buffer overflow caused by an unsanitized attribute in ntfs_get_attribute_value in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers w

CVE-2021-39253 [HIGH] CWE-125 A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most