45 matches found

Github Security Blog
added 2026/04/29 6:30 p.m., 6 views

OpenTelemetry.Resources.Azure has an unbounded HTTP response body read

Summary: OpenTelemetry.Resources.Azure reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible process...

5.9 CVSS, 5.5 AI score, 0.00016 EPSS
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 2026/04/29 12:0 a.m., 4 views

PT-2026-37115

Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Resources.Azure versions prior to 1.15.0-beta.2. Description: The AzureVmMetaDataRequestor function makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without a size limit. An...

5.9 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 0, References: 10
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-1608

Malicious code in bioql PyPI...

4.3 CVSS, 4.7 AI score, 0.00396 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-2189

Malicious code in bioql PyPI...

4.3 CVSS, 5.1 AI score, 0.00027 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-4473

Malicious code in bioql PyPI...

4.3 CVSS, 5.1 AI score, 0.0003 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-5070

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00045 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/09/11 5:29 p.m., 3 views

CVE-2025-49692

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8 CVSS, 6.9 AI score, 0.00286 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/08/12 12:0 a.m., 0 views

Microsoft Azure Information Disclosure Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Azure Virtual Machines. An attacker exploiting this vulnerability could gain access to sensitive information. The following...

7.7 CVSS, 5.8 AI score, 0.01422 EPSS
Exploits: 0, References: 1
Veeam
added 2025/06/11 12:0 a.m., 24 views

How to Use Veeam Data Cloud Vault with ExpressRoute with Private Peering

Purpose: This article documents the usage of Veeam Data Cloud Vault within environments that use Azure ExpressRoute with private peering. Solution: Software Prerequisites: Veeam Backup & Replication v12.3 or higher; Veeam Data Cloud Vault. Configuration Notes: This article covers customers using...

6.5 AI score
Exploits: 0, Affected Software: 1
RedhatCVE
added 2025/05/23 3:51 a.m., 4 views

CVE-2023-32990

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

6.5 CVSS, 6.6 AI score, 0.00396 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:51 a.m., 4 views

CVE-2023-32988

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3 CVSS, 6.3 AI score, 0.00396 EPSS
Exploits: 0, References: 1
OSV
added 2024/12/01 5:1 p.m., 7 views

OPENSUSE-SU-2024:0384-1 Security update for zabbix

This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templat...

9.1 CVSS, 9.2 AI score, 0.00725 EPSS
Exploits: 0, References: 5
Citrix
added 2024/03/01 12:0 a.m., 5 views

Cannot Create Catalog from Azure VM with Trusted Launch Enabled

Error: Attempting to create a catalog using an Azure Trusted Launch enabled image results in the following error: "CreateTerminatingError in operation PreparingMasterImage with message Error starting machine. Security type of VM is not compatible with the security type of attached OS Disk." Soluti...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/05/17 11:52 a.m., 68 views

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944,...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/05/17 11:52 a.m., 2 views

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944,...

7.2 AI score
Exploits: 0
OSV
added 2023/05/16 5:15 p.m., 16 views

CVE-2023-32990

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

6.5 CVSS, 6.9 AI score
Exploits: 0, References: 1
OSV
added 2023/05/16 4:15 p.m., 15 views

CVE-2023-32989

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

8.8 CVSS, 7 AI score
Exploits: 0, References: 1
Vulnrichment
added 2023/05/16 4:0 p.m., 7 views

CVE-2023-32990

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

6.4 AI score, 0.00396 EPSS
Exploits: 0, References: 1
CVE
added 2023/05/16 4:0 p.m., 61 views

CVE-2023-32990

CVE-2023-32990 affects Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier. The root cause is missing permission checks in several HTTP endpoints, which allows attackers with Overall/Read permission to connect to an attacker-selected Azure Cloud server using credentials IDs obtained by ...

6.5 CVSS, 6.2 AI score, 0.00396 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/05/16 4:0 p.m., 13 views

CVE-2023-32989

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

8.7 AI score, 0.00098 EPSS
Exploits: 0, References: 1