
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Dec 2022 — Azure Network Watcher Agent Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44699

CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Nov 2022 — Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38014 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Nov 2022 — Azure CycleCloud Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41085

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Nov 2022 — Azure RTOS GUIX Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Nov 2022 — Azure RTOS FileX is a FAT-compatible file system that's fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer underflows and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function, an attempt to recover the previous failed write operation is made by calling `_fx_fault_tolerant_apply_logs`. This fun... • https://github.com/azure-rtos/filex/blob/master/common/src/fx_fault_tolerant_apply_logs.c#L218 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-190: Integer Overflow or Wraparound • CWE-191: Integer Underflow (Wrap or Wraparound)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Nov 2022 — Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of the `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of the DFU UPLOAD command when ... • https://github.com/azure-rtos/usbx/security/advisories/GHSA-m9p8-xrp7-vvqp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 2

25 Oct 2022 — Azure CLI is the command-line interface for Microsoft Azure. In versions prior to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisit... • https://github.com/Azure/azure-cli/pull/23514 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Oct 2022 — Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack that is fully integrated with Azure RTOS ThreadX. In [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), the data length comes from the device response, returned in the very first packet, and is read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_cla... • https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel • CWE-191: Integer Underflow (Wrap or Wraparound)

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

11 Oct 2022 — Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also affected by this vulnerability. Elevation of privilege vulnerability in the... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37968

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — Service Fabric Explorer Spoofing Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35829