Azure App Service On Azure Stack
Monthly
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity.
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability.". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity.
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability.". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.