Lucene search
K

13 matches found

Chainguard
Chainguard
added 2026/06/26 8:22 p.m.5 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: apko-fips, grype, splunk-otel-collector, chisel-fips, clickhouse-backup-fips, crossplane-provider-azure-policyinsights, flux-kustomize-controller, cg, rootlesskit, opentelemetry-collector, trivy-operator-fips, flux-image-automation-controller, buildah-fips, mattermos...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: apko-fips, grype, splunk-otel-collector, chisel-fips, clickhouse-backup-fips, crossplane-provider-azure-policyinsights, flux-kustomize-controller, cg, rootlesskit, opentelemetry-collector, trivy-operator-fips, flux-image-automation-controller, buildah-fips, mattermos...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/18 10:42 p.m.13 views

How Storm-2949 turned a compromised identity into a cloud-wide breach

In this article 1. Attack chain overview 1. Cloud compromise: Microsoft Entra ID and Microsoft 365 2. Initial access and persistence through targeted social engineering and SSPR abuse 3. Directory discovery and persistence 4. Microsoft 365 discovery and exfiltration 5. Cloud compromise: Microsoft...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:58 p.m.10 views

CVE-2026-41483

OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...

5.9CVSS5.8AI score0.00323EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/29 6:30 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview OpenTelemetry.Resources.Azure is a package contains Resource Detectors for applications running in Azure environment. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AzureVmMetaDataRequestor in the Azure resource metada...

6.3CVSS5.9AI score0.00323EPSS
Exploits0References2
Citrix
Citrix
added 2023/08/23 12:0 a.m.13 views

Efficiently manage orphaned Azure resources with Citrix

Orphaned resources are unused resources present in the system and they can lead to unnecessary expenses. Citrix provides a detailed scanning functionality to identify orphaned resources present in the system offering administrators better ways for resource management. This feature helps in cost...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2022/06/05 12:30 p.m.44 views

AzureRT - A Powershell Module Implementing Various Azure Red Team Tactics

Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command...

7.9AI score
Exploits0References3
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/08/19 4:0 p.m.38 views

Automating security assessments using Cloud Katana

Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...

7.5AI score
Exploits0
CNNVD
CNNVD
added 2021/08/13 12:0 a.m.3 views

Microsoft OneFuzz 授权问题漏洞

Microsoft OneFuzz is a cross-platform, free and open source fuzz testing framework from Microsoft Corporation Microsoft.A security vulnerability exists in Microsoft OneFuzz versions 2.12.0 through 2.31.0, which stems from an incomplete authorization check in the affected product versions, which c...

10CVSS5.8AI score0.02415EPSS
Exploits0References6
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/01/27 6:0 p.m.39 views

Protecting multi-cloud environments with Azure Security Center

We’ve heard from many of you that multi-cloud adoption is becoming a standard operating model for your organization and that it’s challenging to have the right security controls and posture across your environment. Historically, security teams have not had effective tools to secure multi-cloud...

8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/12/14 8:50 p.m.14 views

Azure Policies

Welcome back to Part Two of our four-part Blueprint Series. Today's post covers the use of Azure Policies within a Blueprint deployment along with ARM templates and permissions management. Azure Policies are the critical component of Azure Blueprints. Policies, like ARM Templates, are JSON...

1.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/12/10 7:0 p.m.33 views

New cloud-native breadth threat protection capabilities in Azure Defender

As the world adapts to working remotely, the threat landscape is constantly evolving, and security teams struggle to protect workloads with multiple solutions that are often not well integrated nor comprehensive enough. This results in serious threats avoiding detection, as well as security teams...

0.5AI score
Exploits0
Palo Alto Networks
Palo Alto Networks
added 2020/04/08 4:0 p.m.42 views

VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability HA inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in...

5.8CVSS0.6AI score0.00307EPSS
Exploits0References1
Rows per page
Query Builder