CVE | Vendors | Products | Updated | CVSS v3.1 |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. |
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. Insecure creation of a temporary file allows other actors on the Actions runner to replace the Kubectl binary created by this action, because the binary is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary; however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. |
uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Processing an incorrect `AMQP_VALUE` failed state may cause a double free, which may lead to RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987. |
Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery Elevation of Privilege Vulnerability |
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. |
Azure Machine Learning Information Disclosure Vulnerability |
Azure Service Connector Security Feature Bypass Vulnerability |
Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also affected by this vulnerability. |
Service Fabric Explorer Spoofing Vulnerability |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Azure CycleCloud Elevation of Privilege Vulnerability |
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability |
Azure Site Recovery Remote Code Execution Vulnerability |
Azure Sphere Information Disclosure Vulnerability |
Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery Elevation of Privilege Vulnerability |