| CVE | Vendors | Products | Updated | CVSS v3.1 |
| External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network. |
| Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. |
| Azure Service Fabric for Linux Remote Code Execution Vulnerability |
| Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. |
| Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. |
| Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. |
| Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. |
| Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. |
| Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. |
| Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. |
| The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6. |
| Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. |
| Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. |
| Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. |
| Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |