Vendor CVEs: Azure

24 total · sorted by risk
  • CVE-2026-32171 · High · Apr 14, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-33117 · Critical · May 12, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted…

  • CVE-2026-40381 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42316 · Medium · May 11, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format…

  • CVE-2026-32952 · Medium · Apr 24, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1…

  • CVE-2024-25110 · Feb 12, 2024
    risk 0.01 · cvss n/a · epss 0.07

    uAMQP is a general-purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail, causing a use-after-free issue, and if a client called it during connection communication it may cause remote code execution. Users are advised to…

  • CVE-2026-21226 · Jan 13, 2026
    risk 0.00 · cvss n/a · epss 0.01

    Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

  • CVE-2026-21224 · Jan 13, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55086 · Oct 20, 2025
    risk 0.00 · cvss n/a · epss 0.00

    In NetXDuo versions before 6.4.4, a networking support module for Eclipse Foundation ThreadX, the DHCPV6 client had an unchecked index when extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read.

  • CVE-2025-58724 · Oct 14, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2025-47989 · Oct 14, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2024-29195 · Mar 26, 2024
    risk 0.00 · cvss n/a · epss 0.05

    The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer…

  • CVE-2024-27099 · Feb 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Processing an incorrect `AMQP_VALUE` failed state may cause a double free, which may lead to RCE. Update the submodule to commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.

  • CVE-2024-21329 · Feb 13, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Azure Connected Machine Agent Elevation of Privilege Vulnerability

  • CVE-2024-21638 · Jan 10, 2024
    risk 0.00 · cvss n/a · epss 0.02

    Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal…

  • CVE-2024-21646 · Jan 9, 2024
    risk 0.00 · cvss n/a · epss 0.05

    Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur…

  • CVE-2023-35624 · Dec 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Azure Connected Machine Agent Elevation of Privilege Vulnerability

  • CVE-2023-48698 · Dec 5, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include…

  • CVE-2023-48692 · Dec 5, 2023
    risk 0.00 · cvss n/a · epss 0.03

    Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions…

  • CVE-2023-48691 · Dec 5, 2023
    risk 0.00 · cvss n/a · epss 0.03

    Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related…

  • CVE-2023-48316 · Dec 5, 2023
    risk 0.00 · cvss n/a · epss 0.04

    Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions…

  • CVE-2023-48315 · Dec 5, 2023
    risk 0.00 · cvss n/a · epss 0.04

    Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions…

  • CVE-2023-23939 · Mar 6, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world…

  • CVE-2022-23551 · Dec 21, 2022
    risk 0.00 · cvss n/a · epss 0.01

    aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with…