11 matches found
CVE-2021-38647
CVE-2021-38647 (OMIGOD) is an unauthenticated remote code execution vulnerability in Microsoft Open Management Infrastructure (OMI) commonly deployed on Azure Linux VMs. Exploitation is achieved by sending a crafted HTTP request without the Authorization header, enabling code execution with the O...
CVE-2021-38645
Open Management Infrastructure (OMI) in Azure VM Management Extensions contains CVE-2021-38645, an Elevation of Privilege vulnerability. OMI runs with root privileges; when vulnerable, it can be exploited locally to escalate privileges on affected hosts. Microsoft addressed the OMIGOD set (CVE-20...
CVE-2021-38648
CVE-2021-38648 is a local privilege-escalation flaw in Microsoft Open Management Infrastructure (OMI). Multiple sources confirm an authentication bypass allowing a local attacker to issue commands to the OMI socket (default UNIX socket at /var/opt/omi/run/omiserver.sock) and execute as root. The ...
CVE-2021-38649
CVE-2021-38649 is part of the OMIGOD family affecting Open Management Infrastructure (OMI) used by Azure VM Management Extensions. The vulnerability is an Elevation of Privilege flaw in OMI that can permit a local attacker to escalate privileges on Linux-based Azure VMs where OMI is exposed. Expl...
CVE-2024-20679
CVE-2024-20679 is a spoofing vulnerability in Microsoft Azure Stack Hub. The connected sources indicate the affected product is Azure Stack Hub, with the vulnerability enabling impersonation (spoofing) of a user interface, without remote code execution. Microsoft’s lifecycle advisory groups this ...
CVE-2022-29149
CVE-2022-29149 concerns Microsoft Open Management Infrastructure (OMI). The vulnerability affects the OMI package prior to 1.6.9-1 and enables local, privilege-escalation attacks (unauthenticated remote attacker can gain privileged access). The issue is due to a privilege-escalation flaw in OMI. ...
CVE-2024-38108
CVE-2024-38108 – Azure Stack Hub Spoofing Vulnerability affects Microsoft Azure Stack Hub. The connected sources describe a spoofing vulnerability with a CVSSv3.1 base score of 9.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N). The initial document does not provide a detailed root cause or exploitation s...
CVE-2024-38201
CVE-2024-38201 is an Elevation of Privilege vulnerability in Azure Stack Hub. Documents confirm affected product: Azure Stack Hub (vendor Microsoft) with CVE-2024-38201; impact described as obtaining elevated privileges (high risk). CVSS v3.1 base score 7.0 (HIGH); attack vector LOCAL; required p...
CVE-2024-38216
CVE-2024-38216 is an Elevation of Privilege vulnerability in Azure Stack Hub . Connected sources confirm affected product and that patches exist via Microsoft Update (KB/MSRC advisory). The issue enables attackers to gain increased rights on the compromised system, potentially compromising confid...
CVE-2024-38220
CVE-2024-38220: Azure Stack Hub Elevation of Privilege — Elevation of privilege in Azure Stack Hub; CVSSv3.1 base score 9.0 (Network/AV:N, AC:L, PR:L, UI:R, S:C, C:H, I:H, A:H). Exploitation requires user interaction and low privileges; impact is high with changed scope. Affected product: Azure S...
CVE-2025-53793
CVE-2025-53793 – Azure Stack Hub Information Disclosure : An improper authentication flaw in Azure Stack Hub allows an unauthenticated attacker to disclose information over the network. According to the CVE entry, the issue has a CVSS v3.1 base score of 7.5 (High) with Network attack vector and n...