Lucene search
K

57 matches found

Trend Micro Simply Security
Trend Micro Simply Security
added 2022/09/29 12:0 a.m.10 views

Stronger Cloud Security in Azure Functions Using Custom Cloud Container

In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions...

2.6AI score
Exploits0
OSV
OSV
added 2022/06/20 8:24 p.m.7 views

MAL-2022-1331 Malicious code in azure-function-core-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11ecdbb74c41602ea68433f7958e933687b012943bc3c9fdcf70f5161cf07443 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:10 p.m.3 views

Malicious code in azure-functions-ux-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c5287c7ea0d869d1e5f712945de550f0fe6f516ac825227f90c65c65f9a7f11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:10 p.m.6 views

MAL-2022-1333 Malicious code in azure-functions-ux-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c5287c7ea0d869d1e5f712945de550f0fe6f516ac825227f90c65c65f9a7f11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/15 12:0 a.m.10 views

Azure Functions Local Settings Detected

Azure Functions is a public cloud service from Microsoft providing a serverless computing platform which supports various programming languages C, Python, JavaScript.... Before deploying their functions to the cloud, developers often write and test their code in their local development environmen...

7.1AI score
Exploits0References2
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/08/19 4:0 p.m.38 views

Automating security assessments using Cloud Katana

Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...

7.5AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/08/19 4:0 p.m.40 views

Automating security assessments using Cloud Katana

Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...

7.5AI score
Exploits0
ThreatPost
ThreatPost
added 2021/04/08 2:12 p.m.66 views

Azure Functions Weakness Allows Privilege Escalation

A privilege-escalation vulnerability Microsoft’s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. Flushing...

7.8AI score
Exploits0References7
The Hacker News
The Hacker News
added 2021/01/27 3:1 p.m.36 views

New Docker Container Escape Bug Affects Microsoft Azure Functions

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/27 3:1 p.m.5 views

New Docker Container Escape Bug Affects Microsoft Azure Functions

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...

6.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2020/11/03 3:33 p.m.10 views

@medley/medley (>=0.11.0 <=0.12.1), @nova/azure-functions (>=0.3.0 <=0.3.3) +1 more potentially affected by CVE-2020-7764 via find-my-way (>=2.0.1 <=2.1.0)

find-my-way NPM version =2.0.1, =0.11.0, =0.3.0, =1.0.0, =1.1.0 Source cves: CVE-2020-7764 Source advisory: SNYK:JS-FINDMYWAY-1038269...

7.5CVSS7.1AI score0.01705EPSS
Exploits0
NVD
NVD
added 2020/10/16 11:15 p.m.28 views

CVE-2020-16904

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...

9.8CVSS0.03123EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/16 10:17 p.m.30 views

CVE-2020-16904 Azure Functions Elevation of Privilege Vulnerability

...

5.3CVSS5.7AI score0.03123EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.36 views

Azure Functions Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...

9.8CVSS2.4AI score0.03123EPSS
Exploits0
Kaspersky
Kaspersky
added 2020/10/13 12:0 a.m.20 views

KLA11973 Multiple vulnerabilites in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Network Watcher Agent Virtual Machine Extension for Linux can be exploited...

9.8CVSS6.7AI score0.03123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/10/13 12:0 a.m.5 views

PT-2020-4387 · Microsoft · Azure Functions

Name of the Vulnerable Software and Affected Versions: Azure Functions affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this...

10CVSS5.1AI score0.03123EPSS
Exploits0References3
Node.js
Node.js
added 2020/06/05 7:48 p.m.23 views

Information Exposure

Overview Versions of apollo-server-azure-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...

6.7AI score
Exploits0Affected Software1
Rows per page
Query Builder