Azure Security Vulnerabilities
4.4CVSS
5.7AI Score
0.0004EPSS
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in...
8.8CVSS
8.6AI Score
0.001EPSS
4CVSS
5.1AI Score
0.001EPSS
7.1CVSS
6.7AI Score
0.0004EPSS
7CVSS
7AI Score
0.0004EPSS
6CVSS
6.2AI Score
0.0004EPSS
7.7CVSS
7.5AI Score
0.0004EPSS
4.4CVSS
5.2AI Score
0.0004EPSS
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root...
9.8CVSS
9.5AI Score
0.005EPSS
8.1CVSS
8.1AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
6.5CVSS
6.3AI Score
0.014EPSS
6.8CVSS
6.9AI Score
0.0004EPSS
9.3CVSS
9.3AI Score
0.001EPSS
6.2CVSS
6.6AI Score
0.002EPSS
6.8CVSS
6.6AI Score
0.002EPSS
7CVSS
6.8AI Score
0.0004EPSS
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including...
6.5CVSS
6.4AI Score
0.001EPSS
5.5CVSS
5.3AI Score
0.001EPSS
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses.....
7.8CVSS
7.7AI Score
0.001EPSS
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this...
5.5CVSS
5.3AI Score
0.0004EPSS
5.4CVSS
6AI Score
0.001EPSS
6.4CVSS
5.9AI Score
0.001EPSS
7.4CVSS
7.3AI Score
0.002EPSS
7.4CVSS
7.4AI Score
0.002EPSS
5.4CVSS
6AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.001EPSS
5.4CVSS
6.2AI Score
0.0004EPSS
5.4CVSS
5.9AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.001EPSS
7.5CVSS
7.7AI Score
0.001EPSS
6.2CVSS
6.3AI Score
0.001EPSS
6.9CVSS
7.2AI Score
0.0004EPSS
7.3CVSS
7.4AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.004EPSS
6.1CVSS
6.7AI Score
0.0004EPSS
6.1CVSS
6.7AI Score
0.002EPSS
5.7CVSS
6.2AI Score
0.0004EPSS
8.1CVSS
8.1AI Score
0.002EPSS
6.2CVSS
6.4AI Score
0.002EPSS
6.2CVSS
6.5AI Score
0.001EPSS
A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in...
4.3CVSS
4.4AI Score
0.001EPSS
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...
5.3CVSS
6AI Score
0.002EPSS
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication...
7.5CVSS
7.6AI Score
0.001EPSS
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege...
8.8CVSS
8.7AI Score
0.006EPSS