CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36737 – Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36737
10 Oct 2023 — Azure Network Watcher VM Agent Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Azure Network Watcher VM Agent • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36737 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 85%CPEs: 444EXPL: 16CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33136 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33136
12 Sep 2023 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29332 – Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-29332
12 Sep 2023 — Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios del Servicio Microsoft Azure Kubernetes • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332 • CWE-20: Improper Input Validation CWE-330: Use of Insufficiently Random Values •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38156 – Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-38156
12 Sep 2023 — Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios de Azure HDInsight Apache Ambari • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38156 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2023-38155 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38155
12 Sep 2023 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure DevOps Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the MachinePropertyBag class. The issue results from the lack of proper validation of user-sup... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38176 – Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-38176
08 Aug 2023 — Azure Arc-Enabled Servers Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38176 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 0CVE-2023-36881 – Azure Apache Ambari Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36881
08 Aug 2023 — Azure Apache Ambari Spoofing Vulnerability Azure Apache Ambari Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 0CVE-2023-36877 – Azure Apache Oozie Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36877
08 Aug 2023 — Azure Apache Oozie Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 0CVE-2023-38188 – Azure Apache Hadoop Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-38188
08 Aug 2023 — Azure Apache Hadoop Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38188 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •