MSRC CBL-Mariner 2.0 x64 vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_x64.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown
CRITICAL 92 | HIGH 705 | MEDIUM 842 | LOW 38
Vulnerabilities
Page 37 of 84
CVE-2024-0985 | HIGH | CVSS 8.0 | 2024-02-13
CVE-2024-0985 [HIGH] CWE-271 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secu
msrc
CVE-2023-52434 | HIGH | CVSS 8.0 | 2024-02-13
CVE-2023-52434 [HIGH] CWE-119 smb: client: fix potential OOBs in smb2_parse_contexts()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which
msrc
CVE-2024-25110 | HIGH | CVSS 8.1 | 2024-02-13
CVE-2024-25110 [CRITICAL] CWE-416 Azure IoT Platform Device SDK Remote Code Execution Vulnerability
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc
msrc
CVE-2024-0229 | HIGH | CVSS 7.8 | 2024-02-13
CVE-2024-0229 [HIGH] CWE-787 Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the
msrc
CVE-2024-26581 | HIGH | CVSS 7.8 | 2024-02-13
CVE-2024-26581 [HIGH] CWE-416 netfilter: nft_set_rbtree: skip end interval element from gc
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi
msrc
CVE-2024-26588 | HIGH | CVSS 7.8 | 2024-02-13
CVE-2024-26588 [HIGH] CWE-119 LoongArch: BPF: Prevent out-of-bounds memory access
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr
msrc
CVE-2024-21885 | HIGH | CVSS 7.8 | 2024-02-13
CVE-2024-21885 [HIGH] CWE-122 Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc
msrc
CVE-2023-5517 | HIGH | CVSS 7.5 | 2024-02-13
CVE-2023-5517 [HIGH] CWE-617 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date wi
msrc
CVE-2024-25062 | HIGH | CVSS 7.5 | 2024-02-13
CVE-2024-25062 [HIGH] CWE-416 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
FAQ: Is Azure Linux
msrc
CVE-2023-52425 | HIGH | CVSS 7.5 | 2024-02-13
CVE-2023-52425 [HIGH] CWE-400 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is
msrc
CVE-2023-6516 | HIGH | CVSS 7.5 | 2024-02-13
CVE-2023-6516 [HIGH] CWE-770 Specific recursive query patterns may lead to an out-of-memory condition
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o
msrc
CVE-2024-26461 | HIGH | CVSS 7.5 | 2024-02-13
CVE-2024-26461 [HIGH] CWE-770 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep
msrc
CVE-2024-21626 | HIGH | CVSS 8.6 | PoC | 2024-02-13
CVE-2024-21626 [HIGH] CWE-1104 GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-21626
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in runc which is consumed by Azure Kubernetes Service. The mitigation for this vulnerability requires a security update
msrc
CVE-2023-4408 | HIGH | CVSS 7.5 | 2024-02-13
CVE-2023-4408 [HIGH] Parsing large DNS messages may cause excessive CPU load
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro
msrc
CVE-2024-26585 | MEDIUM | CVSS 4.7 | 2024-02-13
CVE-2024-26585 [MEDIUM] CWE-362 tls: fix race between tx work scheduling and socket close
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w
msrc
CVE-2024-25629 | MEDIUM | CVSS 5.5 | 2024-02-13
CVE-2024-25629 [MEDIUM] CWE-125 c-ares out of bounds read in ares__read_line()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com
msrc
CVE-2024-22365 | MEDIUM | CVSS 5.5 | 2024-02-13
CVE-2024-22365 [MEDIUM] linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentiall
msrc
CVE-2024-0690 | MEDIUM | CVSS 5.5 | 2024-02-13
CVE-2024-0690 [MEDIUM] CWE-116 Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rece
msrc
CVE-2023-52435 | MEDIUM | CVSS 5.5 | 2024-02-13
CVE-2023-52435 [MEDIUM] CWE-119 net: prevent mss overflow in skb_segment()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M
msrc
CVE-2024-27913 | MEDIUM | CVSS 6.5 | 2024-02-13
CVE-2024-27913 [MEDIUM] ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet because of an attempted access to a missing attribute field.
FAQ: Is Azure Linux the only Microsoft p
msrc