Three privilege escalation and denial-of-service vulnerabilities were discovered in Azure HDinsight, related to their usage of Apache Oozie and Ambari. The root cause of at least one of these vulne...
Tue, Feb 6th, 2024
Azure Pipelines and GitHub Actions allow deployment of runners and agents using VM images sourced from a GitHub-managed repository (github.com/actions/runner-images). This repo was misconfigured to...
Wed, Dec 20th, 2023
AWS identified an issue in the Amazon WorkSpaces Windows client which resulted in unintentionally logging connection debugging information to a user's local system. This data could include username...
Fri, Oct 6th, 2023
A vulnerability in Power Platform could lead to unauthorized access to Custom Code functions used for custom connectors, thereby allowing cross-tenant information disclosure of secrets or other sen...
Fri, Aug 4th, 2023
An information disclosure vulnerability in the Google Cloud Build service could have allowed an attacker to view sensitive logs if they had gained prior access to a GCP environment and had permissi...
Tue, Jul 18th, 2023
A client-side desync vulnerability was discovered in Front Door, one of Azure's CDN solutions, caused by mishandling of the 'Content-Length' header in HTTP requests. Exploiting this vulnerability w...
Tue, Jun 27th, 2023