Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-33602 [HIGH] CWE-466 nscd: netgroup cache assumes NSS callback uses in-buffer strings nscd: netgroup cache assumes NSS callback uses in-buffer strings FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-27018 [HIGH] netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: br_netfilter: skip conntrack input hook for promisc packets FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-26933 [HIGH] CWE-667 USB: core: Fix deadlock in port "disable" sysfs attribute USB: core: Fix deadlock in port "disable" sysfs attribute FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-34251 [HIGH] CVE-2024-34251: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-34251 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: fluent-bit Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-34251

CVE-2024-32620 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of

CVE-2024-32614 [HIGH] CWE-125 HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-32605 [HIGH] CWE-122 HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers

CVE-2024-3727 [HIGH] CWE-354 Containers/image: digest type does not guarantee valid type Containers/image: digest type does not guarantee valid type FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-29162 [HIGH] CWE-122 HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read resulting in denial of service or potential code execution. HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read resulting in denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers

CVE-2024-34459 [HIGH] CWE-122 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext i An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. FAQ: Is Azure Linux the only Microsoft product that inc

CVE-2024-2410 [HIGH] CWE-416 Use after free in C++ protobuf Use after free in C++ protobuf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tr

CVE-2024-29160 [HIGH] CWE-122 HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-so

CVE-2024-29165 [HIGH] CWE-122 HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32 resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32 resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is th

CVE-2024-29158 [HIGH] CWE-122 HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is ther

CVE-2024-5564 [HIGH] CWE-120 Libndp: buffer overflow in route information length field Libndp: buffer overflow in route information length field FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whic

CVE-2024-33877 [HIGH] CWE-122 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date w

CVE-2024-34069 [HIGH] CWE-352 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to

CVE-2024-29163 [HIGH] CWE-122 HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore

CVE-2024-26961 [HIGH] CWE-416 mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154: fix llsec key resources release in mac802154_llsec_key_del FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-32618 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?