Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-7348 [HIGH] CWE-367 PostgreSQL relation replacement during pg_dump executes arbitrary SQL PostgreSQL relation replacement during pg_dump executes arbitrary SQL FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open so

CVE-2024-42313 [HIGH] CWE-416 media: venus: fix use after free in vdec_close media: venus: fix use after free in vdec_close FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-45490 [HIGH] CWE-611 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the

CVE-2024-41946 [MEDIUM] CWE-400 REXML DoS vulnerability REXML DoS vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency

CVE-2024-42271 [HIGH] CWE-416 net/iucv: fix use after free in iucv_sock_close() net/iucv: fix use after free in iucv_sock_close() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-43858 [HIGH] CWE-129 jfs: Fix array-index-out-of-bounds in diFree jfs: Fix array-index-out-of-bounds in diFree FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-43882 [HIGH] CWE-367 exec: Fix ToCToU between perm check and set-uid/gid usage exec: Fix ToCToU between perm check and set-uid/gid usage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-42301 [HIGH] CWE-129 dev/parport: fix the array out-of-bounds risk dev/parport: fix the array out-of-bounds risk FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2024-5991 [CRITICAL] CWE-125 Buffer overread in domain name matching Buffer overread in domain name matching FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micros

CVE-2024-44934 [HIGH] CWE-416 net: bridge: mcast: wait for previous gc cycles when removing port net: bridge: mcast: wait for previous gc cycles when removing port FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-7006 [HIGH] CWE-476 Libtiff: null pointer dereference in tif_dirinfo.c Libtiff: null pointer dereference in tif_dirinfo.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro i

CVE-2022-3775 [HIGH] CWE-122 Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2022-3775 FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly ava

CVE-2024-8088 [HIGH] CWE-835 Infinite loop when iterating over zip archive entry names from zipfile.Path Infinite loop when iterating over zip archive entry names from zipfile.Path FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-42311 [MEDIUM] CWE-908 hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-42237 [MEDIUM] CWE-834 firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Validate payload length before processing block FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2023-52889 [MEDIUM] CWE-476 apparmor: Fix null pointer deref when receiving skb during sock creation apparmor: Fix null pointer deref when receiving skb during sock creation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2024-42286 [MEDIUM] CWE-476 scsi: qla2xxx: validate nvme_local_port correctly scsi: qla2xxx: validate nvme_local_port correctly FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-43854 [MEDIUM] CWE-401 block: initialize integrity buffer to zero before writing it to media block: initialize integrity buffer to zero before writing it to media FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-43894 [MEDIUM] CWE-476 drm/client: fix null pointer dereference in drm_client_modeset_probe drm/client: fix null pointer dereference in drm_client_modeset_probe FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-43908 [MEDIUM] CWE-476 drm/amdgpu: Fix the null pointer dereference to ras_manager drm/amdgpu: Fix the null pointer dereference to ras_manager FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi