The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20996 advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2024-20996)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39292 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before     registering winch IRQ Registering a winch IRQ is racy, an interrupt May occur before the winch is added to     the winch_handlers list. If that happens, register_winch_irq() adds to that list a winch that is scheduled     to be (or has already been) freed, causing a panic later in winch_cleanup(). Avoid the race by adding the     winch to the winch_handlers list before registering the IRQ, and rolling back if um_request_irq() fails.
    (CVE-2024-39292)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42075 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena     logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free     in arena_vm_close. (CVE-2024-42075)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of golang / msft-golang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-29402 advisory.

  - The go command May generate unexpected code at build time when using cgo. This May result in unexpected     behavior when running a go program which uses cgo. This May occur when running an untrusted module which     contains directories with newline characters in their names. Modules which are retrieved using the go     command, i.e. via go get, are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off,     May be affected). (CVE-2023-29402)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26900 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If     kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak     occurs. unreferenced object 0xffff88815a350000 (size 49152): comm mdadm, pid 789, jiffies 4294716910 hex     dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00     00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>]     kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>]
    __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>]     rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>]     bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>]     md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>]     vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>]     do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 (CVE-2024-26900)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42077 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to     insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary     transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO     could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often     extend the current transaction but not in all of the cases. For example if we have only single block     extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the     time and we will never extend the current transaction and eventually exhaust all the transaction credits     if the IO contains many single block extents. Once that happens a     WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and     subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers     on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough     credits for one extent insert before each call of ocfs2_mark_extent_written(). Heming Zhao said: ------     PANIC: Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error PID: xxx TASK: xxxx     CPU: 5 COMMAND: SubmitThread-CA #0 machine_kexec at ffffffff8c069932 #1 __crash_kexec at     ffffffff8c1338fa #2 panic at ffffffff8c1d69b9 #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2] #4
    __ocfs2_abort at ffffffffc0c88387 [ocfs2] #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2] #6     ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2] #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2] #8     ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2] #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9     [ocfs2] #10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2] #11 dio_complete at ffffffff8c2b9fa7 #12     do_blockdev_direct_IO at ffffffff8c2bc09f #13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2] #14     generic_file_direct_write at ffffffff8c1dcf14 #15 __generic_file_write_iter at ffffffff8c1dd07b #16     ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2] #17 aio_write at ffffffff8c2cc72e #18 kmem_cache_alloc     at ffffffff8c248dde #19 do_io_submit at ffffffff8c2ccada #20 do_syscall_64 at ffffffff8c004984 #21     entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba (CVE-2024-42077)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of golang / msft-golang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-29404 advisory.

  - The go command May execute arbitrary code at build time when using cgo. This May occur when running go     get on a malicious module, or when running any other command which builds untrusted code. This is can by     triggered by linker flags, specified via a #cgo LDFLAGS directive. The arguments for a number of flags     which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled     through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. (CVE-2023-29404)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of hyperv-daemons / kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0565 advisory.

  - An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in     the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy     length, leading to a denial of service. (CVE-2024-0565)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23849 advisory.

  - In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one     error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. (CVE-2024-23849)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of application-gateway-kubernetes-ingress / cri-o / keda / kube-vip-cloud-provider / kured / moby-engine / multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-21698 advisory.

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39277 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle     NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark()     resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in     ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask [64][1]' CPU: 1 PID:
    990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)     Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:117) ubsan_epilogue (lib/ubsan.c:232)
    __ubsan_handle_out_of_bounds (lib/ubsan.c:429) cpumask_of_node (arch/x86/include/asm/topology.h:72)     [inline] do_map_benchmark (kernel/dma/map_benchmark.c:104) map_benchmark_ioctl     (kernel/dma/map_benchmark.c:246) full_proxy_unlocked_ioctl (fs/debugfs/file.c:333) __x64_sys_ioctl     (fs/ioctl.c:890) do_syscall_64 (arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe     (arch/x86/entry/entry_64.S:130) Use cpumask_of_node() in place when binding a kernel thread to a cpuset of     a particular node. Note that the provided node id is checked inside map_benchmark_ioctl(). It's just a     NUMA_NO_NODE case which is not handled properly later. Found by Linux Verification Center     (linuxtesting.org). (CVE-2024-39277)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0215 advisory.

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which May cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that May be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36387 advisory.

  - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference,     leading to a crash of the server process, degrading performance. (CVE-2024-36387)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4076 advisory.

  - Client queries that trigger serving stale data and that also require lookups in local authoritative zone     data May result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50,     9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through     9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. (CVE-2024-4076)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27316 advisory.

  - HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an     informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
    (CVE-2024-27316)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24795 advisory.

  - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject     malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are     recommended to upgrade to version 2.4.59, which fixes this issue. (CVE-2024-24795)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of application-gateway-kubernetes-ingress / cf-cli / cni / containerized-data-importer / gh / keda / kubevirt / multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-32149 advisory.

  - An attacker May cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage     will take significant time to parse. (CVE-2022-32149)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of azcopy / cri-o / git-lfs / golang / kata-containers / keda / moby-engine / multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29526 advisory.

  - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero     flags parameter, the Faccessat function could incorrectly report that a file is accessible.
    (CVE-2022-29526)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39474 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc which may     return null if called with __GFP_NOFAIL commit a421ef303008 (mm: allow !GFP_KERNEL allocations for     kvmalloc) includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb     (vmalloc: back off when the current task is OOM-killed). A possible scenario is as follows: process-a
    __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer     send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not     check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during     OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308]     oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/ui     d_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698]     [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454]     dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454]     mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump]     [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454]     notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454]     die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454]     do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454]     el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454]     el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 -->     be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel     panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL.
    [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454]     z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454]     page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411]     [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454]     handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454]     el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454]     el0t_64_sync+0x198/0x19c (CVE-2024-39474)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory.

  - An attacker May cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive     number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and     CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is     allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an     HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to     be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the     receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header     frames we will process before closing a connection. (CVE-2023-45288)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38780 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from     sync_print_obj() Since commit a6aa8fca4d79 (dma-buf/sw-sync: Reduce irqsave/irqrestore from known     context) by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show()     and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains     inconsistent lock state warning. Use plain spin_{lock,unlock}() for sync_print_obj(), for     sync_debugfs_show() is already using spin_{lock,unlock}_irq(). (CVE-2024-38780)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42078 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: nfsd: initialise nfsd_info.mutex     early. nfsd_info.mutex can be dereferenced by svc_pool_stats_start() immediately after the new netns is     created. Currently this can trigger an oops. Move the initialisation earlier before it can possibly be     dereferenced. (CVE-2024-42078)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6931 advisory.

  - A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be     exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap     out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit     382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38472 advisory.

  - SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via     SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this     issue. Note: Existing configurations that access UNC paths will have to configure new directive UNCList     to allow access during request processing. (CVE-2024-38472)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
215268	Azure Linux 3.0 Security Update: mysql (CVE-2024-20996)	medium
215267	Azure Linux 3.0 Security Update: kernel (CVE-2024-39292)	medium
215261	Azure Linux 3.0 Security Update: kernel (CVE-2024-42075)	medium
215260	Azure Linux 3.0 Security Update: golang / msft-golang (CVE-2023-29402)	critical
215259	Azure Linux 3.0 Security Update: kernel (CVE-2024-26900)	medium
215258	Azure Linux 3.0 Security Update: kernel (CVE-2024-42077)	medium
215257	Azure Linux 3.0 Security Update: golang / msft-golang (CVE-2023-29404)	critical
215256	Azure Linux 3.0 Security Update: hyperv-daemons / kernel (CVE-2024-0565)	high
215255	Azure Linux 3.0 Security Update: kernel (CVE-2024-23849)	medium
215254	Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cri-o / keda / kube-vip-cloud-provider / kured / moby-engine / multus (CVE-2022-21698)	high
215253	Azure Linux 3.0 Security Update: kernel (CVE-2024-39277)	high
215252	Azure Linux 3.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2023-0215)	critical
215251	Azure Linux 3.0 Security Update: httpd (CVE-2024-36387)	medium
215250	Azure Linux 3.0 Security Update: bind (CVE-2024-4076)	high
215249	Azure Linux 3.0 Security Update: httpd (CVE-2024-27316)	high
215248	Azure Linux 3.0 Security Update: httpd (CVE-2024-24795)	medium
215247	Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cf-cli / cni / containerized-data-importer / gh / keda / kubevirt / multus (CVE-2022-32149)	high
215246	Azure Linux 3.0 Security Update: azcopy / cri-o / git-lfs / golang / kata-containers / keda / moby-engine / multus (CVE-2022-29526)	medium
215245	Azure Linux 3.0 Security Update: kernel (CVE-2024-39474)	medium
215244	Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)	high
215243	Azure Linux 3.0 Security Update: kernel (CVE-2024-38780)	medium
215242	Azure Linux 3.0 Security Update: kernel (CVE-2024-42078)	medium
215241	Azure Linux 3.0 Security Update: kernel (CVE-2023-6931)	high
215240	Azure Linux 3.0 Security Update: httpd (CVE-2024-38472)	high

Detections

Analytics

Azure Linux Local Security Checks Family for Nessus

medium

medium

medium

critical

medium

medium

critical

high

medium

high

high

critical

medium

high

high

medium

high

medium

medium

high

medium

medium

high

high