The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.
Max CVSS
9.8
EPSS Score
0.67%
Published
2024-01-09
Updated
2024-01-12
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
Max CVSS
9.8
EPSS Score
0.13%
Published
2024-01-10
Updated
2024-01-19
Microsoft Outlook Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
0.66%
Published
2024-02-13
Updated
2024-02-23

CVE-2024-21410

Known exploited
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
1.86%
Published
2024-02-13
Updated
2024-02-26
CISA KEV Added
2024-02-15
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Max CVSS
9.0
EPSS Score
0.09%
Published
2024-02-13
Updated
2024-02-13
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-13
Updated
2024-02-23
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Max CVSS
9.0
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
Max CVSS
9.0
EPSS Score
0.11%
Published
2024-02-13
Updated
2024-03-07
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Max CVSS
9.3
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-03-07
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Max CVSS
9.6
EPSS Score
0.11%
Published
2024-01-26
Updated
2024-01-31
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
Max CVSS
9.8
EPSS Score
0.23%
Published
2024-01-09
Updated
2024-02-27
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-11
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
2.91%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.20%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-08
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.83%
Published
2023-12-05
Updated
2023-12-08
Windows Mobile Device Management Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
0.16%
Published
2023-08-08
Updated
2023-11-06
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
1.82%
Published
2023-08-08
Updated
2024-03-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!