Lucene search
K

522 matches found

Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.22 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

6.1CVSS1.7AI score0.02419EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.19 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

6.1CVSS1.7AI score0.02626EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.29 views

Azure DevOps Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker who exploited the vulnerabilty could add GitHub repos to a project without having the proper access granted to their account. To exploit the vulnerability, an...

7.5CVSS2.1AI score0.03023EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.39 views

Azure DevOps Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the us...

6.1CVSS2AI score0.01983EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.30 views

Azure DevOps Server Spoofing Vulnerability

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input. An attacker who exploited the vulnerability could trick a user into loading a page containing malicious content. An authenticated attacker could...

6.5CVSS1.6AI score0.03858EPSS
Exploits0
Symantec
Symantec
added 2019/04/09 12:0 a.m.38 views

Microsoft Azure DevOps Server CVE-2019-0869 HTML Injection Vulnerability

Description Microsoft Azure DevOps Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, to conduct spoofing attacks or redirect the user to a malicious website. Other attacks are al...

6.2AI score0.01955EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2019/04/09 12:0 a.m.27 views

Microsoft Azure DevOps Server CVE-2019-0875 Remote Privilege Escalation Vulnerability

Description Microsoft Azure DevOps Server is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Azure DevOps Server 2019 Recommendations Run all...

0.5AI score0.03023EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2019/04/09 12:0 a.m.24 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.5AI score0.02419EPSS
Exploits0Affected Software2
Symantec
Symantec
added 2019/04/09 12:0 a.m.29 views

Microsoft Azure DevOps Server CVE-2019-0857 Spoofing Vulnerability

Description Microsoft Azure DevOps Server is prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks and to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Azure DevOps...

6.5AI score0.03858EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2019/04/09 12:0 a.m.18 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description Microsoft Azure DevOps Server and Team Foundation Server are prone to a cross-site scripting vulnerability because they fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.3AI score
Exploits0Affected Software2
Symantec
Symantec
added 2019/04/09 12:0 a.m.38 views

Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability

Description Microsoft Azure DevOps Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...

6.5AI score0.01983EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2019/04/09 12:0 a.m.23 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.5AI score0.02419EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.31 views

Security Updates for Microsoft Team Foundation Server / Azure DevOps Server (April 2019)

The Microsoft Team Foundation Server or Azure DevOps Server installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project...

7.5CVSS6.5AI score0.03858EPSS
Exploits0References15
MSRC
MSRC
added 2019/04/02 10:32 p.m.85 views

Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...

7.4AI score
Exploits0
MSRC
MSRC
added 2019/04/02 7:0 a.m.6 views

Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/04/02 7:0 a.m.9 views

Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...

6.8AI score
Exploits0
FireEye
FireEye
added 2019/03/20 3:45 p.m.28 views

SilkETW: Because Free Telemetry is … Free!

Over time people have had an on-again, off-again interest in Event Tracing for Windows ETW. ETW, first introduced in Windows 2000, is a lightweight Kernel level tracing facility that was originally intended for debugging, diagnostics and performance. Gradually, however, defenders realized that ET...

0.1AI score
Exploits0References11
ThreatPost
ThreatPost
added 2019/01/17 10:36 p.m.40 views

Microsoft Launches Azure DevOps Bug Bounty Program

Microsoft lifted the curtain on a new Azure DevOps bug bounty program, designed to sniff out flaws in its Azure DevOps online services and servers. Azure DevOps is a cloud service launched in 2018 that enables collaboration on code development across the breadth of a development lifecycle...

6.9AI score
Exploits0References5
MSRC
MSRC
added 2019/01/17 4:0 p.m.83 views

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...

7.2AI score
Exploits0
MSRC
MSRC
added 2019/01/17 8:0 a.m.9 views

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...

6.9AI score
Exploits0
Rows per page
Query Builder