CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 0CVE-2018-8531
https://notcve.org/view.php?id=CVE-2018-8531
10 Oct 2018 — A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge. Existe una vulnerabilidad de ejecución remota de código en la forma en la que Azure IoT Hub Device Client SDK con el protocolo MQTT accede a los objetos en la memoria. Esto también se conoce como "Azure IoT Device Client SDK Memory Corruption Vulnerabi... • http://www.securityfocus.com/bid/105472 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8613
https://notcve.org/view.php?id=CVE-2017-8613
29 Jun 2017 — Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability." En Azure AD Connect Password, la escritura diferida de contraseñas, si se configura erróneamente durante la habilitación, permite que un atacante restablezca contraseñas y obtenga acceso no autorizado a cuentas de usuario privilegiado AD on-premise. Esto tam... • http://www.securityfocus.com/bid/99294 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2016-7191
https://notcve.org/view.php?id=CVE-2016-7191
28 Sep 2016 — The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. La librería Microsoft Azure Active Directory Passport (también conocida como Passport-Azure-AD) 1.x en versiones anteriores a 1.4.6 y 2.x en versiones anteriores a 2.0.1 para Node.js no reconoce la configuración validateIssuer, lo que permite a atacantes remoto... • http://www.securityfocus.com/bid/93213 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1068
https://notcve.org/view.php?id=CVE-2011-1068
23 Feb 2011 — Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps. Microsoft Windows Azure Software Development Kit (SDK) v1.3.x anterior a v1.3.20121.1237, cuando se usan Full IIS y un Web Role con una aplicación A... • http://blogs.msdn.com/b/windowsazure/archive/2011/02/03/windows-azure-software-development-kit-sdk-refresh-released.aspx • CWE-20: Improper Input Validation •