Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2023-6111 [HIGH] CWE-416 Use-after-free in Linux kernel's netfilter: nf_tables component Use-after-free in Linux kernel's netfilter: nf_tables component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2023-5528 [HIGH] CWE-20 Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the

CVE-2023-48105 [HIGH] CWE-787 An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in cor An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. FAQ: Is Azure Linux the only Micr

CVE-2023-48161 [HIGH] CWE-787 Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi

CVE-2023-47234 [HIGH] An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory p An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). FAQ: Is Azure Linux the only Microsoft product that include

CVE-2023-5408 [HIGH] CWE-269 Openshift: modification of node role labels Openshift: modification of node role labels FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mi

CVE-2023-47235 [HIGH] An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome. FAQ: Is Azure Linux the only Microsoft product that includes this o

CVE-2023-47108 [HIGH] CWE-770 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to da

CVE-2023-38473 [MEDIUM] CWE-617 Reachable assertion in avahi_alternative_host_name Reachable assertion in avahi_alternative_host_name FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2023-5981 [MEDIUM] CWE-203 Gnutls: timing side-channel in the rsa-psk authentication Gnutls: timing side-channel in the rsa-psk authentication FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with wh

CVE-2023-5678 [MEDIUM] CWE-754 Excessive time spent in DH check / generation with large Q parameter value Excessive time spent in DH check / generation with large Q parameter value FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2023-42366 [MEDIUM] A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with

CVE-2023-49083 [MEDIUM] CWE-476 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates cryptography vulnerable to NULL-dereference when loading PKCS7 certificates FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2023-38469 [MEDIUM] CWE-617 Reachable assertion in avahi_dns_packet_append_record Reachable assertion in avahi_dns_packet_append_record FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-42365 [MEDIUM] CWE-416 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linu

CVE-2023-6277 [MEDIUM] CWE-400 Libtiff: out-of-memory in tiffopen via a craft file Libtiff: out-of-memory in tiffopen via a craft file FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist

CVE-2023-42363 [MEDIUM] CWE-416 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commit

CVE-2023-38472 [MEDIUM] CWE-617 Reachable assertion in avahi_rdata_parse Reachable assertion in avahi_rdata_parse FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2023-38470 [MEDIUM] CWE-617 Reachable assertion in avahi_escape_label Reachable assertion in avahi_escape_label FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2023-38471 [MEDIUM] CWE-617 Reachable assertion in dbus_set_host_name Reachable assertion in dbus_set_host_name FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic