Msrc Cbl Mariner 2.0 Arm vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_arm.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38
Vulnerabilities
CVE-2021-39257 | MEDIUM | CVSS 5.5 | 2021-09-14
CVE-2021-39257 [MEDIUM] CWE-674 A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affec
msrc
CVE-2021-22931 | CRITICAL | CVSS 9.8 | 2021-08-10
CVE-2021-22931 [CRITICAL] CWE-20 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Doma
msrc
CVE-2021-3712 | HIGH | CVSS 7.4 | 2021-08-10
CVE-2021-3712 [HIGH] CWE-125 Read buffer overruns processing ASN.1 strings
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed
msrc
CVE-2021-38593 | HIGH | CVSS 7.5 | 2021-08-10
CVE-2021-38593 [HIGH] CWE-787 Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
msrc
CVE-2021-36690 | HIGH | CVSS 7.5 | 2021-08-10
CVE-2021-36690 [HIGH] A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g. is
msrc
CVE-2021-36370 | HIGH | CVSS 7.5 | 2021-08-10
CVE-2021-36370 [HIGH] CWE-287 An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
msrc
CVE-2021-3713 | HIGH | CVSS 7.4 | 2021-08-10
CVE-2021-3713 [HIGH] CWE-787 An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest-supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3
msrc
CVE-2020-24742 | HIGH | CVSS 7.8 | 2021-08-10
CVE-2020-24742 [HIGH] An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
msrc
CVE-2021-40153 | HIGH | CVSS 8.1 | 2021-08-10
CVE-2021-40153 [HIGH] CWE-22 squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory and thus allow
msrc
CVE-2021-3682 | HIGH | CVSS 8.5 | 2021-08-10
CVE-2021-3682 [HIGH] CWE-763 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call
msrc
CVE-2021-32815 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-32815 [MEDIUM] CWE-617 Denial of service due to assertion failure in crwimage_int.cpp
msrc
CVE-2021-34334 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-34334 [MEDIUM] CWE-835 Denial of service due to integer overflow in loop counter
msrc
CVE-2021-37622 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-37622 [MEDIUM] CWE-835 Denial of service due to infinite loop in JpegBase::printStructure (#1)
msrc
CVE-2021-37619 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-37619 [MEDIUM] CWE-125 Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
msrc
CVE-2021-34335 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-34335 [MEDIUM] CWE-369 Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff
msrc
CVE-2021-37621 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-37621 [MEDIUM] CWE-835 Denial of service due to infinite loop in Image::printIFDStructure
msrc
CVE-2021-37618 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-37618 [MEDIUM] CWE-125 Out-of-bounds read in Exiv2::Jp2Image::printStructure
msrc
CVE-2021-37616 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-37616 [MEDIUM] CWE-476 Null pointer dereference in Exiv2::Internal::resolveLens0x8ff
msrc
CVE-2021-37623 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-37623 [MEDIUM] CWE-835 Denial of service due to infinite loop in JpegBase::printStructure (#2)
msrc
CVE-2021-37620 | MEDIUM | CVSS 5.5 | 2021-08-10
CVE-2021-37620 [MEDIUM] CWE-125 Out-of-bounds read in XmpTextValue::read()
msrc