Lucene search
K

522 matches found

OSV
OSV
added 2019/09/11 10:15 p.m.6 views

CVE-2019-1306

A remote code execution vulnerability exists when Azure DevOps Server ADO and Team Foundation Server TFS fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...

9.8CVSS7.9AI score0.16988EPSS
Exploits1References1
Prion
Prion
added 2019/09/11 10:15 p.m.24 views

Remote code execution

A remote code execution vulnerability exists when Azure DevOps Server ADO and Team Foundation Server TFS fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...

7.5CVSS9.8AI score0.16988EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2019/09/11 9:25 p.m.32 views

CVE-2019-1306

A remote code execution vulnerability exists when Azure DevOps Server ADO and Team Foundation Server TFS fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...

9.9AI score0.16988EPSS
Exploits1References1
Qualys Blog
Qualys Blog
added 2019/09/10 6:0 p.m.169 views

September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerabili...

9.3CVSS0.5AI score0.19254EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.52 views

Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Azure DevOps Server ADO and Team Foundation Server TFS fail to validate input properly. An attacker who successfully exploited this vulnerability could execute code on the server in the context of the TFS or ADO service account. To exploit the...

9.8CVSS2.8AI score0.16988EPSS
Exploits1
Symantec
Symantec
added 2019/09/10 12:0 a.m.14 views

Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability

Description Microsoft Azure DevOps Server and Team Foundation Server are prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely result in denial of service conditions...

0.2AI score
Exploits0Affected Software2
Zero Day Initiative
Zero Day Initiative
added 2019/09/10 12:0 a.m.35 views

Microsoft Azure DevOps Server Markdown Indexing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure DevOps Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of markdown files during indexing of wiki content. A crafted...

8.3CVSS5.1AI score0.16988EPSS
Exploits1References1
Symantec
Symantec
added 2019/09/10 12:0 a.m.33 views

Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.4AI score0.01535EPSS
Exploits0Affected Software2
Kaspersky
Kaspersky
added 2019/09/10 12:0 a.m.64 views

KLA11554 Multiple vulnerabilities in Microsoft Developer tools

Multiple vulnerabilities were found in Microsoft Developer tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation...

9.8CVSS8.9AI score0.16988EPSS
Exploits1References31
Tenable Nessus
Tenable Nessus
added 2019/09/10 12:0 a.m.51 views

Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (September 2019)

The Microsoft Team Foundation or Azure DevOps Server is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A Cross-site Scripting XSS vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could...

9.8CVSS8.1AI score0.16988EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2019/08/05 4:0 p.m.71 views

Microsoft Lab Offers $300K For Working Azure Exploits

Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Microsoft has launched a dedicated Azure cloud host testi...

8AI score
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2019/07/23 12:0 a.m.5 views

The vulnerability relates to the set of tools for developing software for collaborative work within Azure DevOps Server and the Project Management and Version Control system Team Foundation Server. It stems from the lack of measures for cleaning input data, allowing a malicious actor to execute arbitrary code in the context of the current user.

The vulnerability of the Azure DevOps Server and Team Foundation Server project management and version control systems relates to the lack of measures for input data cleansing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, by...

5.5CVSS6AI score0.01627EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.4 views

The vulnerability in the set of tools for developing software for Azure DevOps Server and Team Foundation Server, related to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Azure DevOps Server and Team Foundation Server project management and version control systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.8CVSS5.9AI score0.12442EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/07/15 7:15 p.m.5 views

CVE-2019-1072

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

9.8CVSS7.9AI score0.12442EPSS
Exploits0References1
Prion
Prion
added 2019/07/15 7:15 p.m.20 views

Remote code execution

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

7.5CVSS9.8AI score0.12442EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2019/07/15 6:56 p.m.143 views

CVE-2019-1072

Azure DevOps Server and Team Foundation Server (TFS) are affected by a remote code execution vulnerability caused by improper handling of user input. Exploitation can occur when an attacker uploads a specially crafted file to an affected server, potentially allowing code execution in the context ...

9.8CVSS9.8AI score0.12442EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2019/07/15 6:56 p.m.36 views

CVE-2019-1072

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

9.9AI score0.12442EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/07/12 12:0 a.m.134 views

Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (July 2019)

The Microsoft Team Foundation or Azure DevOps Server is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A Cross-site Scripting XSS vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could...

9.8CVSS7.5AI score0.12442EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/07/11 12:0 a.m.5 views

The vulnerability of the Azure DevOps Server software lies in its shortcomings in handling authorization requests. This allows attackers to perform cross-site forgery of these requests.

The vulnerability of the Azure DevOps Server software lies in its shortcomings in processing authorization requests for applications. Exploiting this vulnerability allows a malicious actor to perform cross-site forgery of authorization requests remotely...

6.5CVSS5.3AI score0.0157EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/07/10 12:0 a.m.2 views

Microsoft Azure DevOps Server and Team Foundation Server Cross-Site Scripting Vulnerability (CNVD-2019-24392)

Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...

5.4CVSS6.4AI score0.01627EPSS
Exploits0References1
Rows per page
Query Builder