Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-3154 [HIGH] CWE-77 Cri-o: arbitrary command injection via pod annotation Cri-o: arbitrary command injection via pod annotation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-27322 [HIGH] CWE-502 R Language Vulnerable to Arbitrary Code Execution via Malicious RDS Files (v1.4.0–<4.4.0) R Language Vulnerable to Arbitrary Code Execution via Malicious RDS Files (v1.4.0–Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most sec

CVE-2023-45288 [HIGH] CWE-400 HTTP/2 CONTINUATION flood in net/http HTTP/2 CONTINUATION flood in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-31755 [HIGH] CWE-476 cJSON v1.7.17 was discovered to contain a segmentation violation which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. cJSON v1.7.17 was discovered to contain a segmentation violation which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of t

CVE-2024-3652 [MEDIUM] CWE-404 IKEv1 default AH/ESP responder can cause libreswan to abort and restart IKEv1 default AH/ESP responder can cause libreswan to abort and restart FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2024-31951 [MEDIUM] CWE-120 In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment R In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). FAQ: Is

CVE-2024-21096 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerab Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where

CVE-2024-30260 [LOW] CWE-863 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch request stream pipeline Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch request stream pipeline FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to

CVE-2024-2756 [MEDIUM] CWE-20 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-31852 [MEDIUM] LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This af LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor

CVE-2024-28182 [MEDIUM] CWE-770 Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most

CVE-2024-31950 [MEDIUM] CWE-120 In FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). In FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). FAQ: Is Azure Linux the only Microsoft product that includes this

CVE-2024-3096 [MEDIUM] CWE-20 PHP function password_verify can erroneously return true when argument contains NUL PHP function password_verify can erroneously return true when argument contains NUL FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most s

CVE-2024-26902 [MEDIUM] CWE-476 perf: RISCV: Fix panic on pmu overflow handler perf: RISCV: Fix panic on pmu overflow handler FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2023-6237 [MEDIUM] CWE-606 Excessive time spent checking invalid RSA public keys Excessive time spent checking invalid RSA public keys FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-31584 [MEDIUM] CWE-125 Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure

CVE-2024-26900 [MEDIUM] CWE-401 md: fix kmemleak of rdev->serial md: fix kmemleak of rdev->serial FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committe

CVE-2024-2511 [MEDIUM] CWE-1325 Unbounded memory growth with session handling in TLSv1.3 Unbounded memory growth with session handling in TLSv1.3 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-0874 [MEDIUM] CWE-524 Coredns: cd bit response is cached and served later Coredns: cd bit response is cached and served later FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist

CVE-2024-24795 [MEDIUM] CWE-113 Apache HTTP Server: HTTP Response Splitting in multiple modules Apache HTTP Server: HTTP Response Splitting in multiple modules FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr