| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
|
| Azure Site Recovery Remote Code Execution Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| Azure Site Recovery Denial of Service Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure Site Recovery Elevation of Privilege Vulnerability |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the targeted user.
To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.
The update addresses the vulnerability by modifying how Azure DevOps Server protects application registration requests. |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| Azure DevOps Server Remote Code Execution Vulnerability |
| Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability |
| Azure CycleCloud Elevation of Privilege Vulnerability |
| Azure DevOps Server Spoofing Vulnerability |
| Azure DevOps Server Spoofing Vulnerability |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| Azure Kinect SDK Remote Code Execution Vulnerability |
