CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21381 – Microsoft Azure Active Directory B2C Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-21381
13 Feb 2024 — Microsoft Azure Active Directory B2C Spoofing Vulnerability Vulnerabilidad de suplantación de identidad de Microsoft Azure Active Directory B2C • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21381 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21329 – Azure Connected Machine Agent Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21329
13 Feb 2024 — Azure Connected Machine Agent Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del agente de máquina conectada de Azure • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21329 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20667 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20667
13 Feb 2024 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21638 – Azure IPAM solution Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21638
10 Jan 2024 — Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to acc... • https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f • CWE-269: Improper Privilege Management CWE-287: Improper Authentication •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20676 – Azure Storage Mover Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20676
09 Jan 2024 — Azure Storage Mover Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Azure Storage Mover • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20676 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-21646 – Azure IoT Platform Device SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21646
09 Jan 2024 — Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01. Azure uAMQP es una librería C de uso general para AMQP 1.0. • https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21751 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-21751
13 Dec 2023 — Azure DevOps Server Spoofing Vulnerability Vulnerabilidad de suplantación de identidad del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21751 • CWE-284: Improper Access Control •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35624 – Azure Connected Machine Agent Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35624
12 Dec 2023 — Azure Connected Machine Agent Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del agente de máquina conectada de Azure • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36019 – Microsoft Power Platform Connector Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36019
12 Dec 2023 — Microsoft Power Platform Connector Spoofing Vulnerability Vulnerabilidad de suplantación de identidad del conector Microsoft Power Platform • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019 • CWE-73: External Control of File Name or Path •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35625 – Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-35625
12 Dec 2023 — Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability Instancia informática de Azure Machine Learning para usuarios de SDK Vulnerabilidad de divulgación de información • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •