CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-25110 – Azure IoT Platform Device SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-25110
12 Feb 2024 — The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. UAMQP es una librería C de uso general para AMQP 1.0. • https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24087 – Azure IoT CLI extension Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-24087
25 Feb 2021 — Azure IoT CLI extension Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en la extensión de la CLI Azure IoT • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 2CVE-2017-6506 – Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-6506
07 Mar 2017 — In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. En Azure Data Expert Ultimate 2.2.16, la función de verificación SMTP sufre una vulnerabilidad de desbordamiento de búfer, lo que lleva a una ejecución remota de código. El vector de ataque es un demonio SMTP manipulado que envía una cadena 220 larga (también conocida... • https://www.exploit-db.com/exploits/41545 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7876
https://notcve.org/view.php?id=CVE-2015-7876
21 Oct 2015 — The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. La función escapeLike en sqlsrv/database.inc en el controlador de Drupal 7 para SQL Server y SQL Azure 7.x-1.x en versiones anteriores a 7.x-1.4 no escapa adecuadamente ciertos carácteres, lo que permite a atacantes remoto... • http://cgit.drupalcode.org/sqlsrv/commit/?id=2ea0da8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •