Lucene search
+L

157 matches found

NVD
NVD
added 2019/04/09 9:29 p.m.16 views

CVE-2019-0866

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868,...

6.1CVSS5.8AI score0.02626EPSS
Exploits0References2
OSV
OSV
added 2019/04/09 9:29 p.m.4 views

CVE-2019-0866

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868,...

6.1CVSS5.8AI score0.02626EPSS
Exploits0References2
Prion
Prion
added 2019/04/09 9:29 p.m.17 views

Cross site scripting

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868,...

4.3CVSS5.9AI score0.02626EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2019/04/09 8:19 p.m.87 views

CVE-2019-0866

CVE-2019-0866 : Azure DevOps Server and Team Foundation Server are vulnerable to a cross-site scripting (XSS) issue caused by improper sanitization of user-provided input. Base scores (NVD CVSS v3.0: 6.1, MEDIUM) with NETWORK attack vector and UI required, indicating media risk but no full exploi...

6.1CVSS5.5AI score0.02626EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.31 views

Security Updates for Microsoft Team Foundation Server / Azure DevOps Server (April 2019)

The Microsoft Team Foundation Server or Azure DevOps Server installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project...

7.5CVSS6.5AI score0.03858EPSS
Exploits0References15
Circl
Circl
added 2018/05/29 3:50 p.m.14 views

CVE-2010-0866

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/jvmoscode10g.rb 2018-05-29 15:50:33+00:00| seen|...

6.5CVSS5.5AI score0.1125EPSS
Exploits4References2
seebug.org
seebug.org
added 2018/02/24 12:0 a.m.93 views

IE11: Use-after-free in Js::RegexHelper::RegexReplace(CVE-2018-0866)

There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. Note that the PoC was tested in a 64-bit tab process via TabProcGrowth=0 registry flag and the pag...

7.8AI score0.44265EPSS
Exploits4
seebug.org
seebug.org
added 2018/02/24 12:0 a.m.83 views

IE11: Use-after-free in String.lastIndexOf(CVE-2018-0866)

There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. PoC: var vars = new Array2; function main vars0 = new Array1000000; vars1 =...

7.7AI score0.44265EPSS
Exploits4
Packet Storm
Packet Storm
added 2018/02/22 12:0 a.m.63 views

Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free

IE11: Use-after-free in Js::RegexHelper::RegexReplace CVE-2018-0866 There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. Note that the PoC was tested i...

7.5AI score0.44265EPSS
Exploits4
Circl
Circl
added 2018/02/20 12:0 a.m.13 views

CVE-2018-0866

creationtimestamp| type| source ---|---|--- 2018-02-20 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44153...

9.3CVSS7.6AI score0.44265EPSS
Exploits4References1
Prion
Prion
added 2018/02/15 2:29 a.m.22 views

Memory corruption

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836,...

9.3CVSS7.3AI score0.65858EPSS
Exploits21References3
Prion
Prion
added 2018/02/15 2:29 a.m.24 views

Memory corruption

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-083...

7.6CVSS7.3AI score0.65858EPSS
Exploits21References3
CVE
CVE
added 2018/02/15 2:0 a.m.108 views

CVE-2018-0866

Technical details for CVE-2018-0866 are not publicly available in the provided documents. Connected advisories describe ChakraCore-related issues unrelated to this CVE. Monitor for updates.

9.3CVSS7.3AI score0.44265EPSS
Exploits4References5Affected Software1
OpenVAS
OpenVAS
added 2018/02/14 12:0 a.m.151 views

Microsoft Windows Internet Explorer Multiple RCE Vulnerabilities (KB4074736)

This host is missing a critical security update according to Microsoft KB4074736 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3CVSS7.5AI score0.53715EPSS
Exploits6References1
OpenVAS
OpenVAS
added 2018/02/14 12:0 a.m.270 views

Microsoft Windows Multiple Vulnerabilities (KB4074590)

This host is missing a critical security update according to Microsoft KB4074590 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.8AI score0.65858EPSS
Exploits33References1
OpenVAS
OpenVAS
added 2018/02/14 12:0 a.m.80 views

Microsoft Windows Multiple Vulnerabilities (KB4074591)

This host is missing a critical security update according to Microsoft KB4074591 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.8AI score0.65858EPSS
Exploits33References1
Check Point Advisories
Check Point Advisories
added 2018/02/13 12:0 a.m.34 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-0866)

A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS7.7AI score0.44265EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2018/02/13 12:0 a.m.80 views

Security Updates for Internet Explorer (February 2018)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

9.3CVSS8.2AI score0.53715EPSS
Exploits6References6
Kaspersky
Kaspersky
added 2018/02/13 12:0 a.m.694 views

KLA11199 Multiple vulnerabilities in Microsoft Browsers

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Microsoft Edge c...

9.3CVSS8.2AI score0.65858EPSS
Exploits21References32
Tenable Nessus
Tenable Nessus
added 2018/02/13 12:0 a.m.65 views

KB4074591: Windows 10 Version 1511 February 2018 Security Update (Meltdown)(Spectre)

The remote Windows host is missing security update 4074591. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose...

9.3CVSS8.2AI score0.93838EPSS
Exploits46References29
Rows per page
Query Builder