Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-20969 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability al Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c

CVE-2023-41913 [CRITICAL] CWE-120 strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT

CVE-2023-51714 [CRITICAL] CWE-190 An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. FAQ: Is Azure Linux the only Micr

CVE-2023-51780 [HIGH] CWE-416 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main be

CVE-2023-6817 [HIGH] CWE-416 Use-after-free in Linux kernel's netfilter: nf_tables component Use-after-free in Linux kernel's netfilter: nf_tables component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2023-51782 [HIGH] CWE-416 An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main

CVE-2023-7104 [MEDIUM] CWE-119 SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most se

CVE-2023-51781 [HIGH] CWE-416 An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of

CVE-2023-5764 [HIGH] CWE-1336 Ansible: template injection Ansible: template injection FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpa

CVE-2023-6932 [HIGH] CWE-416 Use-after-free in Linux kernel's ipv4: igmp component Use-after-free in Linux kernel's ipv4: igmp component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the di

CVE-2023-51764 [MEDIUM] CWE-345 Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in rec Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation te

CVE-2023-52284 [MEDIUM] CWE-415 Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. FAQ: Is Azure Linux the only Microsoft product tha

CVE-2023-46218 [MEDIUM] This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that the This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do

CVE-2023-48795 [MEDIUM] CWE-354 The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from th The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may conseq

CVE-2023-45866 [HIGH] CWE-287 Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection of HID messages when no user interaction has occurred in the Central

CVE-2023-5870 [LOW] CWE-400 Postgresql: role pg_signal_backend can signal certain superuser processes. Postgresql: role pg_signal_backend can signal certain superuser processes. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2023-46219 [MEDIUM] CWE-311 When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use. When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use. FAQ: Is Azure Linux the only Microsoft product that includes this open-source libra

CVE-2023-50495 [MEDIUM] NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to da

CVE-2023-51385 [MEDIUM] CWE-78 In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metachar

CVE-2023-51384 [MEDIUM] In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constrai In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constraints are only applied to the first key even if a PKCS#11 token returns multi