CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29993 – Azure CycleCloud Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-29993
09 Apr 2024 — Azure CycleCloud Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Azure CycleCloud • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29993 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29992 – Azure Identity Library for .NET Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29992
09 Apr 2024 — Azure Identity Library for .NET Information Disclosure Vulnerability Librería de identidad de Azure para la vulnerabilidad de divulgación de información de .NET • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29992 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29989 – Azure Monitor Agent Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-29989
09 Apr 2024 — Azure Monitor Agent Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del agente de Azure Monitor • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29989 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28917 – Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-28917
09 Apr 2024 — Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en el alcance del clúster de extensión de Kubernetes habilitada para Azure Arc • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28917 • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26193 – Azure Migrate Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-26193
09 Apr 2024 — Azure Migrate Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Azure Migrate • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26193 • CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29990 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-29990
09 Apr 2024 — Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del contenedor confidencial del servicio Microsoft Azure Kubernetes • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29990 • CWE-284: Improper Access Control •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29063 – Azure AI Search Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29063
09 Apr 2024 — Azure AI Search Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de búsqueda de Azure AI • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29063 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21424 – Azure Compute Gallery Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21424
09 Apr 2024 — Azure Compute Gallery Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Azure Compute Gallery • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21424 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-20685 – Azure Private 5G Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20685
09 Apr 2024 — Azure Private 5G Core Denial of Service Vulnerability Vulnerabilidad de denegación de servicio del núcleo privado 5G de Azure This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Azure Private 5G Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of InitialUEMessage messages. The issue results from improper length validation. An attacker can leverage this vulnerability to create... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20685 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29195 – Azure C SDK Integer Wraparound Vulnerability
https://notcve.org/view.php?id=CVE-2024-29195
26 Mar 2024 — The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malforme... • https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •