Azure
Products: 15
Recent CVEs: 24

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32171 | | High | 0.57 | 8.8 | 0.00 | | Apr 14, 2026 | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-33117 | | Critical | 0.52 | 9.1 | 0.00 | | May 12, 2026 | The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted… |
| CVE-2026-40381 | | High | 0.51 | 7.8 | 0.00 | | May 12, 2026 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42316 | | Medium | 0.35 | 6.5 | 0.00 | | May 11, 2026 | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format… |
| CVE-2026-32952 | | Medium | 0.34 | 5.3 | 0.01 | | Apr 24, 2026 | go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1… |
| CVE-2024-25110 | | | 0.01 | — | 0.07 | | Feb 12, 2024 | The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to… |
| CVE-2026-21226 | | | 0.00 | — | 0.01 | | Jan 13, 2026 | Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. |
| CVE-2026-21224 | | | 0.00 | — | 0.00 | | Jan 13, 2026 | Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| CVE-2025-55086 | | | 0.00 | — | 0.00 | | Oct 20, 2025 | In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read. |
| CVE-2025-58724 | | | 0.00 | — | 0.01 | | Oct 14, 2025 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47989 | | | 0.00 | — | 0.01 | | Oct 14, 2025 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| CVE-2024-29195 | | | 0.00 | — | 0.05 | | Mar 26, 2024 | The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer… |
| CVE-2024-27099 | | | 0.00 | — | 0.01 | | Feb 27, 2024 | The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Processing an incorrect `AMQP_VALUE` failed state may cause a double free problem. This may cause an RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987. |
| CVE-2024-21329 | | | 0.00 | — | 0.01 | | Feb 13, 2024 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2024-21638 | | | 0.00 | — | 0.02 | | Jan 10, 2024 | Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal… |
| CVE-2024-21646 | | | 0.00 | — | 0.05 | | Jan 9, 2024 | Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur… |
| CVE-2023-35624 | | | 0.00 | — | 0.01 | | Dec 12, 2023 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2023-48698 | | | 0.00 | — | 0.01 | | Dec 5, 2023 | Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include… |
| CVE-2023-48692 | | | 0.00 | — | 0.03 | | Dec 5, 2023 | Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions… |
| CVE-2023-48691 | | | 0.00 | — | 0.03 | | Dec 5, 2023 | Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related… |