CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35255 – Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-35255
11 Jun 2024 — Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en las librerías de identidad de Azure y la librería de autenticación de Microsoft A flaw was found in Microsoft's Azure Identity Libraries and the Microsoft Authentication Library (MSAL). The flaw arises from a race condition—a scenario where the timing of events leads to unexpected behavior—during concurrent operations on shared resources. This can result in privile... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36414 – Azure Identity SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36414
10 Oct 2023 — Azure Identity SDK Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Azure Identity SDK • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-36415 – Azure Identity SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36415
10 Oct 2023 — Azure Identity SDK Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Azure Identity SDK • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •