Azure Linux 3.0 Security Update: cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device-plugin (CVE-2025-22872)

The version of cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device- plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22872 advisory. - The...

CVE-2024-45338 affecting package cf-cli for versions less than 8.4.0-23

CVE-2024-45338 affecting package cf-cli for versions less than 8.4.0-23. A patched version of the package is available...

CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4

CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4. A patched version of the package is available...

CVE-2024-24786 affecting package cf-cli for versions less than 8.7.3-3

CVE-2024-24786 affecting package cf-cli for versions less than 8.7.3-3. A patched version of the package is available...

AZL-38302 CVE-2023-45288 affecting package cf-cli for versions less than 8.7.3-6

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-34590 CVE-2023-39325 affecting package cf-cli for versions less than 8.7.3-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...