Microsoft : Security Vulnerabilities, CVEs, CVSS score between 3 and 6.99
Azure Identity Library for .NET Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Max CVSS
6.5
EPSS Score
N/A
Published
2024-04-18
Updated
2024-04-18
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Max CVSS
5.4
EPSS Score
N/A
Published
2024-04-18
Updated
2024-04-18
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-04
Updated
2024-04-09
The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.
Max CVSS
6.0
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
Windows Hyper-V Denial of Service Vulnerability
Max CVSS
6.2
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-26
Windows Authentication Elevation of Privilege Vulnerability
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
Max CVSS
4.1
EPSS Score
0.04%
Published
2024-04-04
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
6.4
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
4.1
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
Max CVSS
6.2
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
6.3
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Secure Boot Security Feature Bypass Vulnerability
Max CVSS
6.8
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability.
A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device (i.e., prevent the user of the legitimate application from logging in) due to incorrect activity export configuration. MSAL.NET version 4.60.1 includes the fix. As a workaround, a developer may explicitly mark the MSAL.NET activity non-exported.
Max CVSS
3.9
EPSS Score
0.04%
Published
2024-04-16
Updated
2024-04-17
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Windows rndismp6.sys Remote Code Execution Vulnerability
Max CVSS
6.8
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
Windows rndismp6.sys Remote Code Execution Vulnerability
Max CVSS
6.8
EPSS Score
0.04%
Published
2024-04-09
Updated
2024-04-09
3505 vulnerabilities found
1
2
3
4
5
6 ......
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141