5 matches found
CVE-2021-38647
CVE-2021-38647 (OMIGOD) is an unauthenticated remote code execution vulnerability in Microsoft Open Management Infrastructure (OMI) commonly deployed on Azure Linux VMs. Exploitation is achieved by sending a crafted HTTP request without the Authorization header, enabling code execution with the O...
CVE-2021-38645
Open Management Infrastructure (OMI) in Azure VM Management Extensions contains CVE-2021-38645, an Elevation of Privilege vulnerability. OMI runs with root privileges; when vulnerable, it can be exploited locally to escalate privileges on affected hosts. Microsoft addressed the OMIGOD set (CVE-20...
CVE-2021-38648
CVE-2021-38648 is a local privilege-escalation flaw in Microsoft Open Management Infrastructure (OMI). Multiple sources confirm an authentication bypass allowing a local attacker to issue commands to the OMI socket (default UNIX socket at /var/opt/omi/run/omiserver.sock) and execute as root. The ...
CVE-2021-38649
CVE-2021-38649 is part of the OMIGOD family affecting Open Management Infrastructure (OMI) used by Azure VM Management Extensions. The vulnerability is an Elevation of Privilege flaw in OMI that can permit a local attacker to escalate privileges on Linux-based Azure VMs where OMI is exposed. Expl...
CVE-2020-1331
The CVE-2020-1331 entry maps to a spoofing vulnerability in System Center Operations Manager (SCOM), specifically affecting the 2016 Web Console. The issue arises when the web interface fails to properly sanitize specially crafted requests, enabling spoofing and potential cross-site scripting-lik...