| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability |
| Azure RTOS Information Disclosure Vulnerability |
| Azure Sphere Denial of Service Vulnerability |
| Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere Information Disclosure Vulnerability |
| Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
| Azure Active Directory Pod Identity Spoofing Vulnerability |
| Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. |
| A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability. |
| A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability. |
| An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. |
| A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
| Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere Information Disclosure Vulnerability |
| Azure Sphere Elevation of Privilege Vulnerability |
