CVSS: 6.2EPSS: 2%CPEs: 1EXPL: 2CVE-2021-27074 – Azure Sphere Unsigned Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27074
11 Mar 2021 — Azure Sphere Unsigned Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Sin Firmar de Azure Sphere. Este ID de CVE es diferente del CVE-2021-27080 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27074 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27080 – Azure Sphere Unsigned Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27080
11 Mar 2021 — Azure Sphere Unsigned Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Sin Firmar de Azure Sphere. Este ID de CVE es diferente de CVE-2021-27074 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27080 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24109 – Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-24109
25 Feb 2021 — Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Microsoft Azure Kubernetes Service • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24109 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8567 – Kubernetes Secrets Store CSI Driver plugin directory traversals
https://notcve.org/view.php?id=CVE-2020-8567
21 Jan 2021 — Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. Kubernetes Secrets Store CSI Driver Vault Plugin anterior a versión v0.0.6, Azure Plugin anterior a versión v0.0.10 y GCP Plugin anterior a versión v0.2.0, permiten a un atacante que puede crear objetos SecretProvid... • https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1677 – Azure Active Directory Pod Identity Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-1677
12 Jan 2021 — Azure Active Directory Pod Identity Spoofing Vulnerability Una Vulnerabilidad de Suplantación de Identidad de Azure Active Directory Pod • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1677 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35609
https://notcve.org/view.php?id=CVE-2020-35609
22 Dec 2020 — A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad ioctl asincrónica de Microsoft Azure Sphere versión 20.05. Una secuencia de llamadas ioctl especialmente diseñadas puede causar una denegación de servicio. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1117 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35608
https://notcve.org/view.php?id=CVE-2020-35608
22 Dec 2020 — A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad de ejecución de código firmado del mundo normal de Microsoft Azure Sphere versi... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1134 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-17145 – Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-17145
09 Dec 2020 — Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Azure DevOps Server y Team Foundation Services • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17135 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-17135
09 Dec 2020 — Azure DevOps Server Spoofing Vulnerability Vulnerabilidad de suplantación del servidor Azure DevOps • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135 •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17002 – Azure SDK for C Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-17002
09 Dec 2020 — Azure SDK for C Security Feature Bypass Vulnerability Vulnerabilidad de la función de seguridad de Azure SDK para C • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17002 •