CVE-2025-30204 affecting package blobfuse2 for versions less than 2.3.2-2

CVE-2025-30204 affecting package blobfuse2 for versions less than 2.3.2-2. A patched version of the package is available...

AZL-59172 CVE-2025-30204 affecting package blobfuse2 for versions less than 2.3.2-2

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)

The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...

CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)

The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...

CVE-2025-22868 affecting package blobfuse2 for versions less than 2.1.2-8

CVE-2025-22868 affecting package blobfuse2 for versions less than 2.1.2-8. A patched version of the package is available...

AZL-57450 CVE-2025-22868 affecting package blobfuse2 for versions less than 2.1.2-8

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker May cause an HTTP/...

Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / cf-cli (CVE-2024-24786)

The version of azcopy / blobfuse2 / cert-manager / cf-cli installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24786 advisory. - The protojson.Unmarshal function can enter an infinite loop when...

CVE-2024-35255 affecting package blobfuse2 for versions less than 2.3.2-1

CVE-2024-35255 affecting package blobfuse2 for versions less than 2.3.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-45288 affecting package blobfuse2 for versions less than 2.3.0-1

CVE-2023-45288 affecting package blobfuse2 for versions less than 2.3.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-24786 affecting package blobfuse2 for versions less than 2.3.0-1

CVE-2024-24786 affecting package blobfuse2 for versions less than 2.3.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-44487 affecting package blobfuse2 for versions less than 2.1.0-4

CVE-2023-44487 affecting package blobfuse2 for versions less than 2.1.0-4. An upgraded version of the package is available that resolves this issue...

CVE-2023-39325 affecting package blobfuse2 for versions less than 2.3.0-1

CVE-2023-39325 affecting package blobfuse2 for versions less than 2.3.0-1. An upgraded version of the package is available that resolves this issue...

CBL Mariner 2.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)

The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...

CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker May cause an HTTP/...

AZL-43323 CVE-2024-35255 affecting package blobfuse2 for versions less than 2.3.2-1

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

CVE-2023-45288 affecting package blobfuse2 for versions less than 2.1.2-3

CVE-2023-45288 affecting package blobfuse2 for versions less than 2.1.2-3. A patched version of the package is available...

CVE-2024-24786 affecting package blobfuse2 for versions less than 2.1.2-7

CVE-2024-24786 affecting package blobfuse2 for versions less than 2.1.2-7. A patched version of the package is available...

AZL-39187 CVE-2023-45288 affecting package blobfuse2 for versions less than 2.1.2-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38314 CVE-2023-45288 affecting package blobfuse2 for versions less than 2.3.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...