Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2019-19977 [CRITICAL] CWE-125 libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c as demonstrated by a stack-based buffer over-read. libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c as demonstrated by a stack-based buffer over-read. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this

CVE-2019-19906 [HIGH] CWE-787 cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. FAQ

CVE-2019-20149 [HIGH] CWE-668 ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted p ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted payload can overwrite this builtin attribute to manipulate the type de

CVE-2019-18874 [HIGH] CWE-415 psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor

CVE-2019-6470 [MEDIUM] dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and m

CVE-2019-17455 [CRITICAL] CWE-125 Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest tSmbNtlmAuthChallenge and tSmbNtlmAuthResponse read and write operations as demonstrated by a stack-based buffer over-read in Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest tSmbNtlmAuthChallenge and tSmbNtlmAuthResponse read and write operations as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

CVE-2019-17362 [CRITICAL] CWE-125 In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cau In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read inf

CVE-2018-16301 [HIGH] CWE-120 The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesyste The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line ar

CVE-2019-17498 [HIGH] CWE-190 In libssh2 v1.9.0 and earlier versions the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subs In libssh2 v1.9.0 and earlier versions the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sens

CVE-2019-17402 [MEDIUM] CWE-120 Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp because there is no validation of th Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp because there is no validation of the relationship of the total size to the offset and size. FAQ: Is A

CVE-2019-16275 [MEDIUM] CWE-346 hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service tha hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protectio

CVE-2018-20969 [HIGH] CWE-78 do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 but the ! syntax is specific to ed and is unre do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 but the ! syntax is specific to ed and is unrelated to a shell metacharacter. FAQ: Is Azure Linux the only Microsof

CVE-2019-1010238 [CRITICAL] CWE-787 Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embeddin Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The atta

CVE-2019-13638 [HIGH] CWE-78 GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed edito GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is differ

CVE-2019-13636 [MEDIUM] CWE-59 In GNU patch through 2.7.6 the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. In GNU patch through 2.7.6 the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers w

CVE-2019-13504 [MEDIUM] CWE-125 There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep i

CVE-2019-14274 [MEDIUM] CWE-787 MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most s

CVE-2019-13232 [LOW] CWE-400 Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container leading to denial of service (resource consumption) aka a "better zip bomb" issue. Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container leading to denial of service (resource consumption) aka a "better zip bomb" issue. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? O

CVE-2019-12855 [HIGH] CWE-295 In words.protocols.jabber.xmlstream in Twisted through 19.2.1 XMPP support did not verify certificates when used with TLS allowing an attacker to MITM connections. In words.protocols.jabber.xmlstream in Twisted through 19.2.1 XMPP support did not verify certificates when used with TLS allowing an attacker to MITM connections. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi

CVE-2019-9755 [HIGH] CWE-787 An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to c An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow resulting in a crash or the ability to exe