Lucene search
K
MicrosoftAzure Sphere

29 matches found

CVE
CVE
added 2021/08/12 6:11 p.m.110 views

CVE-2021-26429

CVE-2021-26429 is associated with Microsoft Azure Sphere Elevation of Privilege. Connected sources indicate affected product Azure Sphere and root cause described as insufficient access control, enabling privilege escalation. Publicly available specifics on vulnerable components, affected version...

7.8CVSS7.6AI score0.00479EPSS
CVE
CVE
added 2021/08/12 6:11 p.m.108 views

CVE-2021-26428

CVE-2021-26428 affects Microsoft Azure Sphere. Azure Sphere information disclosure vulnerability is tied to an input validation/data protection weakness in the Azure Sphere OS, enabling information disclosure with LOCAL access and no authentication required. The combined CVSS data indicates a MED...

4.4CVSS4.5AI score0.00743EPSS
CVE
CVE
added 2021/08/12 6:11 p.m.102 views

CVE-2021-26430

Azure Sphere Denial of Service vulnerability (CVE-2021-26430) affects Microsoft Azure Sphere. The connected documents consistently label it as a DoS issue impacting Azure Sphere components, but they do not provide concrete exploit details, affected versions, root cause analysis, or remediation st...

6CVSS5.9AI score0.00633EPSS
CVE
CVE
added 2021/09/15 11:23 a.m.101 views

CVE-2021-36956

Azure Sphere CVE-2021-36956 is an information-disclosure vulnerability in Azure Sphere OS. The issue is described as a lack of protection for service data, enabling sensitive data exposure. Impact is disclosed as data leakage (CONFIDENTIALITY impact). Root cause notes point to unprotected service...

4.4CVSS4.9AI score0.00751EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.92 views

CVE-2021-28460

Azure Sphere contains an unsigned code execution vulnerability (CVE-2021-28460). The issue is described as a local, low-complexity vulnerability that requires no authentication and can impact confidentiality, integrity, and availability. Several connected sources (NVD entry and Microsoft advisory...

8.1CVSS8.2AI score0.0048EPSS
CVE
CVE
added 2021/03/11 3:47 p.m.89 views

CVE-2021-27080

CVE-2021-27080 is listed as Azure Sphere Unsigned Code Execution Vulnerability. Connected sources confirm affected product is Azure Sphere and describe a vulnerability that could allow unsigned code execution (with MSRC labeling it as an Azure Sphere Unsigned Code Execution vulnerability). The co...

9.3CVSS9.4AI score0.01216EPSS
CVE
CVE
added 2020/12/22 7:23 p.m.86 views

CVE-2020-35608

Summary (verified) : CVE-2020-35608 affects Microsoft Azure Sphere 20.07. Affected component: the normal world’s signed code execution path. Root cause : a specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. Impact : local code ...

7.8CVSS7.7AI score0.04035EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.83 views

CVE-2020-16970

CVE-2020-16970 is a Microsoft Azure Sphere vulnerability involving the AF_AZSPIO socket path. The Talos analysis describes a memory-corruption flaw in the AF_AZSPIO socket flow that can trigger a double-free and out-of-bounds read in the kernel, potentially allowing shellcode execution and/or a d...

8.8CVSS8.2AI score0.01378EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.82 views

CVE-2020-16982

CVE-2020-16982 (Azure Sphere) has a concrete advisory in TALOS-2020-1132 describing a privilege-escalation flaw in the Azure Sphere mtd character device driver. The issue arises from a write path (MEMWRITE) in the MTD subsystem that does not verify FMODE_WRITE, allowing an attacker with read acce...

7.2CVSS6.4AI score0.01216EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.81 views

CVE-2021-41374

CVE-2021-41374 concerns Microsoft Azure Sphere Information Disclosure Vulnerability. Connected documents affirm Azure Sphere as affected. CVSS data indicate an attacker with local access and low privileges could cause confidentiality impact (C: HIGH; I/N/A N) per CVSS v3.1, while CVSS v2.0/3.1 me...

6.7CVSS5.2AI score0.00598EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.79 views

CVE-2020-16990

Azure Sphere (Microsoft) kernel message ring buffer information disclosure vulnerability (CVE-2020-16990) affects Azure Sphere 20.05+; unprivileged users can access the kernel log via klogctl due to default dmesg_restrict settings, potentially leaking memory addresses and other sensitive data. TA...

6.2CVSS6.1AI score0.0144EPSS
CVE
CVE
added 2020/12/22 7:24 p.m.79 views

CVE-2020-35609

CVE-2020-35609 affects Microsoft Azure Sphere 20.05, specifically the asynchronous ioctl path of the /dev/pluton interface. TALOS documents a denial-of-service scenario triggered by a rapid sequence of asynchronous ioctls that fill the Pluton ring buffer, causing the M4/A7 communication to stall ...

5.5CVSS5.3AI score0.01314EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.79 views

CVE-2021-41376

CVE-2021-41376 is an Azure Sphere Information Disclosure vulnerability. Connected sources confirm Azure Sphere as the affected product with potential access to sensitive information, categorized as information disclosure with local access requirements. Microsoft and North‑Western advisories indic...

4.4CVSS3.8AI score0.00728EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.78 views

CVE-2020-16987

Azure Sphere contains a local unsigned code execution vulnerability in the normal world path via /proc/thread-self/mem allowing an attacker to write shellcode into a process memory region and execute it. The TALOS advisory for Azure Sphere 20.07 details a shellcode-based overwrite of non-writable...

7.8CVSS7.3AI score0.01254EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.78 views

CVE-2021-41375

Azure Sphere Information Disclosure Vulnerability (CVE-2021-41375) affects Microsoft Azure Sphere OS. Connected sources corroborate an information-disclosure issue with Azure Sphere, CVSS around 4.4 (MEDIUM) and remote vector listed as LOCAL with high privileges required in some vectors; official...

4.4CVSS4.6AI score0.00795EPSS
CVE
CVE
added 2022/08/09 8:11 p.m.77 views

CVE-2022-35821

CVE-2022-35821 affects Microsoft Azure Sphere. The Azure Sphere Information Disclosure Vulnerability is due to insufficient protection of service data in the Azure Sphere OS. CVSSv3 metrics in the initial record indicate a Medium severity (4.4), with Local attack vector, Low attack complexity, an...

4.4CVSS4.8AI score0.01004EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.76 views

CVE-2020-16984

CVE-2020-16984 is an Azure Sphere unsigned code execution vulnerability affecting the Azure Sphere Linux-based OS. The root cause is the READ_IMPLIES_EXEC personality, which can cause PROT_READ pages to be treated as executable during memory operations (brk/mmap), potentially creating an executab...

7.8CVSS7.3AI score0.01281EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.76 views

CVE-2020-16986

CVE-2020-16986: Microsoft Azure Sphere Littlefs quota vulnerability allowing quota bypass via truncate operations on /mnt/config; a negative/large size write can reset quota accounting (info->used_bytes) and enable repeated disk writes, potentially exhausting storage and causing DoS (watchdog ...

6.2CVSS6.2AI score0.01249EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.76 views

CVE-2020-16988

CVE-2020-16988 corresponds to a Microsoft Azure Sphere Elevation of Privilege vulnerability. Connected PT-2020-4764 confirms a privilege-management error in Azure Sphere OS that could let a remote attacker elevate privileges, potentially enabling remote privilege escalation. The CVSS metrics in t...

7.2CVSS6.7AI score0.00713EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.74 views

CVE-2020-16991

Azure Sphere contains a signed-code-execution vulnerability in the Normal World. A specially crafted shellcode can be executed by abusing ptrace to modify a running process’s memory, bypassing write protections and enabling arbitrary code execution. TALOS documents this as a local, low-attack-sur...

7.3CVSS7.3AI score0.01673EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.73 views

CVE-2020-16985

Azure Sphere Information Disclosure Vulnerability (CVE-2020-16985) affects Microsoft Azure Sphere. Public sources indicate an information disclosure flaw present in Azure Sphere versions prior to 20.09, enabling an attacker to gain unauthorized access to the device file system. Root cause details...

6.2CVSS6.1AI score0.01697EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.73 views

CVE-2020-16994

Azure Sphere has a code‑execution vulnerability in the normal world via unsigned code execution through /proc/self/mem. The TALOS advisory details how a process can write to its own memory by leveraging a Linux kernel behavior that allows memory to be writable and executable, circumventing protec...

7.3CVSS7.2AI score0.01614EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.72 views

CVE-2020-16981

Azure Sphere Elevation of Privilege (CVE-2020-16981) affects Microsoft Azure Sphere OS. The root cause is insufficient access control, per PT-2020-4818, with Azure Sphere versions prior to 20.08 stated as affected in CNVD-2020-63390. Impact is privilege escalation, enabling attacker to gain highe...

7.2CVSS6.3AI score0.00678EPSS
CVE
CVE
added 2021/11/10 12:47 a.m.72 views

CVE-2021-42300

CVE-2021-42300 corresponds to Microsoft Azure Sphere Tampering Vulnerability. Connected sources indicate Azure Sphere (and related Azure RTOS/FSLogix entries) are affected by a tampering issue arising from insufficient access control, enabling local attacker access. The CVSS:3.1 vector (AV:L/AC:L...

6.7CVSS6AI score0.00547EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.71 views

CVE-2020-16989

CVE-2020-16989 affects Microsoft Azure Sphere. The connected PT-Security entry indicates the issue involves errors in privilege management within the Azure Sphere OS, enabling a remote attacker to elevate privileges. Public references show the vulnerability is classified as a privilege escalation...

7.2CVSS5.5AI score0.00699EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.71 views

CVE-2020-16992

CVE-2020-16992 is an Azure Sphere elevation-of-privilege vulnerability affecting Microsoft Azure Sphere. The connected PT-2020-4813 entry describes insufficient access control as the root cause and notes affected Azure Sphere versions with no specified fix version; it recommends updating via Wind...

8.2CVSS7.6AI score0.01395EPSS
CVE
CVE
added 2021/03/11 3:50 p.m.71 views

CVE-2021-27074

CVE-2021-27074 is an Azure Sphere unsigned code execution vulnerability. Connected documents describe the issue as an unsigned code execution flaw in Azure Sphere, with one source attributing it to incorrect code generation management in the Azure Sphere OS. Practical impact stated across sources...

6.2CVSS6.7AI score0.01028EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.69 views

CVE-2020-16983

Azure Sphere: A tampering vulnerability due to insufficient access control in the Azure Sphere OS allows privilege escalation. Affected: Microsoft Azure Sphere (OS). Root cause per PT-2020-4810 is insufficient access control; impact includes privilege escalation. No fix/version details are provid...

7.2CVSS5.5AI score0.00662EPSS
CVE
CVE
added 2020/11/11 6:47 a.m.69 views

CVE-2020-16993

CVE-2020-16993 concerns Microsoft Azure Sphere and describes a privilege-escalation vulnerability in the uid_map functionality of Azure Sphere 20.06 and earlier. The root cause is that the application-manager clears uniqueness checks among listed UIDs, allowing multiple component_ids to share the...

6.8CVSS5.5AI score0.00826EPSS