AZL-52260 CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-5
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector
Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest formerly DEV-083...
CVE-2024-35255 affecting package azcopy for versions less than 10.25.1-1
CVE-2024-35255 affecting package azcopy for versions less than 10.25.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45288 affecting package azcopy for versions less than 10.25.1-1
CVE-2023-45288 affecting package azcopy for versions less than 10.25.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package azcopy for versions less than 10.24.0-1
CVE-2024-24786 affecting package azcopy for versions less than 10.24.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-41717 affecting package azcopy for versions less than 10.24.0-1
CVE-2022-41717 affecting package azcopy for versions less than 10.24.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45288 affecting package azcopy for versions less than 10.24.0-1
CVE-2023-45288 affecting package azcopy for versions less than 10.24.0-1. A patched version of the package is available...
AZL-42789 CVE-2024-35255 affecting package azcopy for versions less than 10.25.1-1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
AZL-42799 CVE-2024-35255 affecting package azcopy for versions less than 10.25.1-1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
AZL-42706 CVE-2023-45288 affecting package azcopy for versions less than 10.24.0-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-35551 CVE-2024-24786 affecting package azcopy for versions less than 10.24.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2023-44487 affecting package azcopy for versions less than 10.15.0-13
CVE-2023-44487 affecting package azcopy for versions less than 10.15.0-13. A patched version of the package is available...
AZL-31292 CVE-2023-44487 affecting package azcopy for versions less than 10.15.0-13
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-33568 CVE-2022-41717 affecting package azcopy for versions less than 10.24.0-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...