Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2020-25653 [MEDIUM] CWE-362 A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice- A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd possibly resulting in a denial of service or information l

CVE-2020-25651 [MEDIUM] CWE-362 A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted resulting in

CVE-2020-0569 [MEDIUM] CWE-787 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vuln

CVE-2020-25650 [MEDIUM] CWE-770 A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path ` A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perf

CVE-2020-26572 [MEDIUM] CWE-787 The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is th

CVE-2020-26571 [MEDIUM] CWE-787 The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers wh

CVE-2020-26570 [MEDIUM] CWE-787 The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Az

CVE-2020-26154 [CRITICAL] CWE-120 url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled as demonstrated by a large PAC file that is delivered without a Content-length header. url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled as demonstrated by a large PAC file that is delivered without a Content-length header. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affect

CVE-2020-0570 [HIGH] CWE-426 Uncontrolled search path in the QT Library before 5.14.0 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Uncontrolled search path in the QT Library before 5.14.0 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by thi

CVE-2020-25219 [HIGH] CWE-674 url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. Th url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. FAQ: Is Azure Linux the only Microsoft

CVE-2020-15114 [HIGH] CWE-772 Denial of Service in etcd Denial of Service in etcd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparenc

CVE-2020-15115 [MEDIUM] CWE-521 No minimum password length in etcd No minimum password length in etcd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is comm

CVE-2020-15113 [MEDIUM] CWE-281 Improper Preservation of Permissions in etcd Improper Preservation of Permissions in etcd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2020-17507 [MEDIUM] CWE-125 An issue was discovered in Qt through 5.12.9 and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. An issue was discovered in Qt through 5.12.9 and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the mai

CVE-2020-15136 [MEDIUM] CWE-306 Improper authentication in etcd Improper authentication in etcd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed

CVE-2020-15106 [MEDIUM] CWE-20 Improper Input Validation in etcd Improper Input Validation in etcd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committ

CVE-2020-15112 [MEDIUM] CWE-129 Improper Input Validation in etcd Improper Input Validation in etcd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is commit

CVE-2020-2981 [HIGH] Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with log Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. S

CVE-2020-10713 [HIGH] CWE-120 A flaw was found in grub2 prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In A flaw was found in grub2 prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel an attacker would firs

CVE-2019-20907 [HIGH] CWE-835 In Lib/tarfile.py in Python through 3.8.3 an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open because _proc_pax lacks header validation. In Lib/tarfile.py in Python through 3.8.3 an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open because _proc_pax lacks header validation. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor