Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30260 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and...

Azure Linux 3.0 Security Update: qemu (CVE-2022-4144)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4144 advisory. - An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function doe...

Azure Linux 3.0 Security Update: etcd / packer (CVE-2022-3064)

The version of etcd / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3064 advisory. - Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. CVE-2022-306...

Azure Linux 3.0 Security Update: php (CVE-2024-2756)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2756 advisory. - Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and...

OPENSUSE-SU-2024:0269-1 Security update for trivy

trivy was updated to fix the following issues: Update to version 0.54.1: fixflag: incorrect behavior for deprected flag --clear-cache backport: release/v0.54 7285 fixjava: Return error when trying to find a remote pom to avoid segfault backport: release/v0.54 7283 fixplugin: do not call GitHub...

KLA71482 Multiple vulnerabilities in Microsoft Mariner

Multiple vulnerabilities were found in Microsoft Mariner. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. An out of bounds write vulnerability in grub can be exploited to exploited...

WALinuxAgent bug fix update

An update is available for WALinuxAgent. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Windows Azure Linux Agent supports provisioning and running Linux...

SUSE CVE-2019-0804

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'...

PT-2022-6227 · Microsoft · Azure Service Fabric Container

Name of the Vulnerable Software and Affected Versions: Azure Service Fabric Container affected versions not specified Description: The issue is related to the Azure Service Fabric Container and involves an elevation of privilege vulnerability. This vulnerability is associated with the WAagent...

Malicious Package

Overview azure-linux-tools is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovered by one...

Malicious code in azure-linux-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35c4bd5ef8ff0e892a90a96125e449d042cdc2adfa37c8ff18e60499b8cf4472 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1354 Malicious code in azure-linux-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35c4bd5ef8ff0e892a90a96125e449d042cdc2adfa37c8ff18e60499b8cf4472 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

WALinuxAgent: swapfile created with weak permissions

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'...

The software for interacting between Linux and FreeBSD virtual machines with the Azure Windows Azure Linux Agent is vulnerable due to incorrect permission assignments for download files. This allows an intruder to gain unauthorized access to sensitive information.

The vulnerability of the software for interacting between Linux and FreeBSD virtual machines with the Azure Windows Azure Linux Agent is related to the improper assignment of permissions to download files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

DEBIAN-CVE-2019-0804

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'...

Microsoft Releases Security Update for Azure Linux Guest Agent

Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Microsoft...

UBUNTU-CVE-2019-0804

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'...