Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2021-3504 [MEDIUM] CWE-125 A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its norma

CVE-2021-29622 [MEDIUM] CWE-601 Arbitrary redirects under /new endpoint Arbitrary redirects under /new endpoint FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2021-32617 [MEDIUM] CWE-400 Denial of service in Exiv2 Denial of service in Exiv2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpa

CVE-2021-29623 [LOW] CWE-908 Uninitialized variable bug in Exiv2 Uninitialized variable bug in Exiv2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is commi

CVE-2021-29154 [HIGH] CWE-77 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bp BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. FAQ: Is Azure Linux t

CVE-2021-28965 [HIGH] The REXML gem before 3.2.5 in Ruby before 2.6.7 2.7.x before 2.7.3 and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and seriali The REXML gem before 3.2.5 in Ruby before 2.6.7 2.7.x before 2.7.3 and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. FAQ: Is Azure Linux the only Microsoft product that includes this open

CVE-2021-3506 [HIGH] CWE-125 An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain acces An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of inter

CVE-2020-36325 [HIGH] CWE-125 An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification FAQ: Is Azure Linux the only Micros

CVE-2021-23133 [MEDIUM] CWE-362 Linux Kernel sctp_destroy_sock race condition Linux Kernel sctp_destroy_sock race condition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2021-29457 [HIGH] CWE-122 Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2021-29464 [LOW] CWE-787 Heap buffer overflow in Exiv2::Jp2Image::encodeJp2Header Heap buffer overflow in Exiv2::Jp2Image::encodeJp2Header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2020-18032 [HIGH] CWE-120 Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. FAQ: Is Azu

CVE-2021-29463 [LOW] CWE-125 Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which th

CVE-2021-31879 [CRITICAL] CWE-601 GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin a related issue to CVE-2018-1000007. GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin a related issue to CVE-2018-1000007. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers

CVE-2021-22207 [MEDIUM] CWE-770 Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this v

CVE-2021-29470 [MEDIUM] CWE-125 Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2021-20208 [MEDIUM] CWE-269 A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vuln A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. FAQ: Is Azure

CVE-2021-30002 [MEDIUM] CWE-401 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments aka CID-fb18802a338b An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments aka CID-fb18802a338b. FAQ: Is Azure Linux the only Microsoft product that includes thi

CVE-2021-29155 [MEDIUM] CWE-125 An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic leading to side-channel attacks that defeat Spect An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory.

CVE-2021-30178 [MEDIUM] CWE-476 An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context aka CID-919f4ebc5987. An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context aka CID-919f4ebc5987. FAQ: Is Azure Linux the only Microsoft product that includes this ope