Search criteria
158 vulnerabilities found for Azure by Microsoft
CERTFR-2025-AVI-0997
Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7070.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Monitor versions ant\u00e9rieures \u00e0 v1.37.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-59504",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59504"
},
{
"name": "CVE-2025-59499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59499"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0997",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59504",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59504"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59499",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59499"
}
]
}
CERTFR-2025-AVI-0919
Vulnerability from certfr_avis - Published: 2025-10-24 - Updated: 2025-10-24
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Compute Resource Provider",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Notification Service",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Event Grid System",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-59500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59500"
},
{
"name": "CVE-2025-59503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59503"
},
{
"name": "CVE-2025-59273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59273"
}
],
"initial_release_date": "2025-10-24T00:00:00",
"last_revision_date": "2025-10-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0919",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59500",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59500"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59503",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59503"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59273",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59273"
}
]
}
CERTFR-2025-AVI-0881
Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Monitor Agent versions ant\u00e9rieures \u00e0 1.38.1.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Arc Enabled Servers - Azure Connected Machine Agent versions ant\u00e9rieures \u00e0 1.56",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Compute Gallery",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-59292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59292"
},
{
"name": "CVE-2025-59285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59285"
},
{
"name": "CVE-2025-47989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47989"
},
{
"name": "CVE-2025-59494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59494"
},
{
"name": "CVE-2025-59291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59291"
},
{
"name": "CVE-2025-58724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58724"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0881",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-47989",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47989"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59292",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59292"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-58724",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58724"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59285",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59285"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59494",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59494"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59291",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59291"
}
]
}
CERTFR-2025-AVI-0870
Vulnerability from certfr_avis - Published: 2025-10-14 - Updated: 2025-10-14
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Confidential Compute VM SKU ECasv6/ECadsv6",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Confidential Compute VM SKU ECasv5/ECadsv5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Confidential Compute VM SKU DCasv6/DCadsv6",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Confidential Compute VM SKU DCasv5/DCadsv5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0033"
}
],
"initial_release_date": "2025-10-14T00:00:00",
"last_revision_date": "2025-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0870",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-0033",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0033"
}
]
}
CERTFR-2025-AVI-0688
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure File Sync v19 versions antérieures à 19.2.0.0 | ||
| Microsoft | Azure | Azure Stack Hub versions antérieures à 102.10.2.11 | ||
| Microsoft | Azure | Azure Stack Hub 2501 versions antérieures à 1.2501.1.47 | ||
| Microsoft | Azure | Azure File Sync v20 versions antérieures à 20.1.0.0 | ||
| Microsoft | Azure | Azure File Sync v18 versions antérieures à 18.3.0.0 | ||
| Microsoft | Azure | Azure Stack Hub 2406 versions antérieures à 1.2406.1.23 | ||
| Microsoft | Azure | Azure Stack Hub 2408 versions antérieures à 1.2408.1.50 | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7060.1 | ||
| Microsoft | Azure | Azure File Sync v21 versions antérieures à 21.1.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure File Sync v19 versions ant\u00e9rieures \u00e0 19.2.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub versions ant\u00e9rieures \u00e0 102.10.2.11",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub 2501 versions ant\u00e9rieures \u00e0 1.2501.1.47",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v20 versions ant\u00e9rieures \u00e0 20.1.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v18 versions ant\u00e9rieures \u00e0 18.3.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub 2406 versions ant\u00e9rieures \u00e0 1.2406.1.23",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub 2408 versions ant\u00e9rieures \u00e0 1.2408.1.50",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7060.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v21 versions ant\u00e9rieures \u00e0 21.1.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53793"
},
{
"name": "CVE-2025-53727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53727"
},
{
"name": "CVE-2025-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24999"
},
{
"name": "CVE-2025-53729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53729"
},
{
"name": "CVE-2025-49759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49759"
},
{
"name": "CVE-2025-53781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53781"
},
{
"name": "CVE-2025-49707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49707"
},
{
"name": "CVE-2025-53765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53765"
},
{
"name": "CVE-2025-49758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49758"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0688",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53729",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53729"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53793",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53793"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53781",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53781"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53727"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53765",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53765"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-49758",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49758"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-49759",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49759"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-49707",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-24999",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24999"
}
]
}
CERTFR-2025-AVI-0407
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure AI Document Intelligence Studio versions ant\u00e9rieures \u00e0 1.0.03019.1-official-7241c17a",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v20.0 versions ant\u00e9rieures \u00e0 5041884",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v19.0 versions ant\u00e9rieures \u00e0 26100",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-29973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29973"
},
{
"name": "CVE-2025-30387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30387"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0407",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30387",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30387"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-29973",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29973"
}
]
}
CERTFR-2025-AVI-0364
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure AI Bot Service",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Functions",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Machine Learning",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Virtual Desktop",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30392"
},
{
"name": "CVE-2025-33074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33074"
},
{
"name": "CVE-2025-30390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30390"
},
{
"name": "CVE-2025-21416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21416"
},
{
"name": "CVE-2025-30389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30389"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0364",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30389",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30389"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-33074",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33074"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30390",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-21416",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21416"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30392",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30392"
}
]
}
CERTFR-2025-AVI-0290
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Stack HCI OS 22H2 versions ant\u00e9rieures \u00e0 10.0.20348.3328",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack HCI OS 23H2 versions ant\u00e9rieures \u00e0 10.0.25398.1486",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Local Cluster versions ant\u00e9rieures \u00e0 2411.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25002"
},
{
"name": "CVE-2025-27489",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27489"
},
{
"name": "CVE-2025-26628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26628"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0290",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-26628",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26628"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-27489",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27489"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-25002",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25002"
}
]
}
CERTFR-2025-AVI-0261
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Health Bot",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Playwright",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-26683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26683"
},
{
"name": "CVE-2025-21384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21384"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0261",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-01T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-21384",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-26683",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683"
}
]
}
CERTFR-2025-AVI-0239
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Kubernetes Service. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Microsoft indique que les vulnérabilités CVE-2025-1974 et CVE-2025-1097 n'affectent pas Azure Kubernetes Service.
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Kubernetes Service versions ant\u00e9rieures \u00e0 1.11.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service versions 1.12.x ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "Microsoft indique que les vuln\u00e9rabilit\u00e9s CVE-2025-1974 et CVE-2025-1097 n\u0027affectent pas Azure Kubernetes Service.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1097"
},
{
"name": "CVE-2025-24514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24514"
},
{
"name": "CVE-2025-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24513"
},
{
"name": "CVE-2025-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1974"
},
{
"name": "CVE-2025-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1098"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Kubernetes Service. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Kubernetes Service",
"vendor_advisories": [
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-24513",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-1098",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-1974",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-1097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-24514",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514"
}
]
}
CERTFR-2024-AVI-1023
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
La mise à jour a déjà été déployée par Microsoft. Aucune action utilisateur n'est requise.
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Azure Functions",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "La mise \u00e0 jour a d\u00e9j\u00e0 \u00e9t\u00e9 d\u00e9ploy\u00e9e par Microsoft. Aucune action utilisateur n\u0027est requise.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-49052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49052"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-27T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-49052",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49052"
}
]
}
CERTFR-2024-AVI-0994
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Stack HCI 23H2 versions ant\u00e9rieures \u00e0 2411",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-49060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49060"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0994",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-18T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-49060",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49060"
}
]
}
CERTFR-2024-AVI-0977
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 13 versions antérieures à 13.16 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 12 versions antérieures à 12.20 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 16 versions antérieures à 16.4 | ||
| Microsoft | Azure | Azure Linux 3.0 x64 versions antérieures à 3.3.0-2 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 14 versions antérieures à 14.13 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 15 versions antérieures à 15.8 | ||
| Microsoft | Azure | Azure Linux 3.0 ARM versions antérieures à 3.3.0-2 | ||
| Microsoft | Azure | Azure CycleCloud 8.x versions antérieures à 8.6.5 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Database pour PostgreSQL Flexible Server 13 versions ant\u00e9rieures \u00e0 13.16",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 12 versions ant\u00e9rieures \u00e0 12.20",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 16 versions ant\u00e9rieures \u00e0 16.4",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux 3.0 x64 versions ant\u00e9rieures \u00e0 3.3.0-2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 14 versions ant\u00e9rieures \u00e0 14.13",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 15 versions ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux 3.0 ARM versions ant\u00e9rieures \u00e0 3.3.0-2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.x versions ant\u00e9rieures \u00e0 8.6.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43602"
},
{
"name": "CVE-2024-49042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49042"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-43613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43613"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0977",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43602",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-5535",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5535"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-49042",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49042"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43613",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43613"
}
]
}
CERTFR-2024-AVI-0856
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Service Fabric 9.1 pour Linux versions antérieures à 9.1.2498.1 | ||
| Microsoft | Azure | Azure CLI versions antérieures à 2.65.0 | ||
| Microsoft | Azure | Azure Service Connector versions antérieures à 2.65.0 | ||
| Microsoft | Azure | Azure Service Fabric 10.1 pour Linux versions antérieures à 10.1.2308.1 | ||
| Microsoft | Azure | Azure Stack HCI 22H2 versions antérieures à 20349.2762 | ||
| Microsoft | Azure | Azure Service Fabric 10.0 pour Linux versions antérieures à 10.0.2345.1 | ||
| Microsoft | Azure | Azure Stack HCI 23H2 versions antérieures à 25398.1189 | ||
| Microsoft | Azure | Azure Monitor Agent versions antérieures à 1.30.0 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Service Fabric 9.1 pour Linux versions ant\u00e9rieures \u00e0 9.1.2498.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CLI versions ant\u00e9rieures \u00e0 2.65.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Connector versions ant\u00e9rieures \u00e0 2.65.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Fabric 10.1 pour Linux versions ant\u00e9rieures \u00e0 10.1.2308.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack HCI 22H2 versions ant\u00e9rieures \u00e0 20349.2762",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Fabric 10.0 pour Linux versions ant\u00e9rieures \u00e0 10.0.2345.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack HCI 23H2 versions ant\u00e9rieures \u00e0 25398.1189",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Monitor Agent versions ant\u00e9rieures \u00e0 1.30.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38179"
},
{
"name": "CVE-2024-43480",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43480"
},
{
"name": "CVE-2024-38097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38097"
},
{
"name": "CVE-2024-43591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43591"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0856",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43480",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38097"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43591",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43591"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38179",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38179"
}
]
}
CERTFR-2024-AVI-0418
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Azure Monitor Agent. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Monitor Agent versions ant\u00e9rieures \u00e0 1.26.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-30060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30060"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30060 du 16 mai 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30060"
}
],
"reference": "CERTFR-2024-AVI-0418",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nAzure Monitor Agent\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure Monitor Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-30060 du 16 mai 2024",
"url": null
}
]
}