Lucene search
K

1393 matches found

Positive Technologies
Positive Technologies
added 2020/12/08 12:0 a.m.4 views

PT-2020-5240 · Microsoft · Azure Devops Server

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: The issue is related to insufficient input validation in Azure DevOps Server, which can be exploited by a remote attacker to impact the confidentiality and integrity of protecte...

6.4CVSS6.1AI score0.01234EPSS
Exploits0References6
NCSC
NCSC
added 2020/12/08 12:0 a.m.6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Vulnerabilities related to Visual Studio can only be be exploited by convincing the user to open rogue files. Visual Studio:...

9.4CVSS7.4AI score0.03552EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/12/08 12:0 a.m.4 views

PT-2020-5229 · Microsoft · Team Foundation Server +1

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server and Team Foundation Services affected versions not specified Description: The issue is related to incorrect code generation management in Azure DevOps Server and Team Foundation Server. Exploitation of this issue may allow...

5.4CVSS5.3AI score0.01387EPSS
Exploits0References7
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Microsoft Azure DevOps Server Input Validation Error Vulnerability

Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. An input validation error vulnerability exists in Microsoft Azure DevOps Server. The...

5.4CVSS6AI score0.01387EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/12/08 12:0 a.m.42 views

Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (December 2020)

The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple spoofing vulnerabilities. An attacker can exploit these to perform actions with the privileges of another user. Note that Nessus has not tested for these issues but has...

6.4CVSS6AI score0.01512EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/11/24 12:0 a.m.2 views

The vulnerability of the Team Foundation Services component of the software development tool Azure DevOps Server, which allows a hacker to manipulate the content of a page.

The vulnerability of the Team Foundation Services component of the Azure DevOps Server development tool is related to a false representation of information on the user interface. Exploiting this vulnerability could allow a malicious actor to manipulate the page content remotely...

7.5CVSS5.8AI score0.01512EPSS
Exploits0References3
NVD
NVD
added 2020/11/11 7:15 a.m.23 views

CVE-2020-1325

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability...

5.5CVSS5.8AI score0.01512EPSS
Exploits0References1
OSV
OSV
added 2020/11/11 7:15 a.m.4 views

CVE-2020-1325

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability...

5.4CVSS6.1AI score0.01512EPSS
Exploits0References1
Prion
Prion
added 2020/11/11 7:15 a.m.23 views

Spoofing

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability...

5.5CVSS5.7AI score0.01512EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/11 6:48 a.m.95 views

CVE-2020-1325

CVE-2020-1325 affects Microsoft Azure DevOps Server and Team Foundation Server/Services, with a spoofing vulnerability in the Team Foundation/DevOps UI that can allow impersonation or UI spoofing. Affected products include Azure DevOps Server and Visual Studio/DevOps components; the issue is repo...

5.5CVSS5.6AI score0.01512EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/11 6:48 a.m.35 views

CVE-2020-1325 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

...

5.4CVSS5.8AI score0.01512EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2020/11/10 8:0 a.m.51 views

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

...

5.5CVSS6.3AI score0.01512EPSS
Exploits0
NCSC
NCSC
added 2020/11/10 12:0 a.m.11 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with both user privileges as well as elevated privileges or manipulate data. Vulnerabilities related to Visual Studio can only be be exploited by...

9.3CVSS7.4AI score0.03551EPSS
Exploits0
Kaspersky
Kaspersky
added 2020/11/10 12:0 a.m.30 views

KLA11998 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure DevOps Server and Team Foundation Services can be...

9.3CVSS7AI score0.03551EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/11/10 12:0 a.m.7 views

PT-2020-4827 · Microsoft · Azure Devops Server +1

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server and Team Foundation Services affected versions not specified Description: The issue is related to a spoofing vulnerability in the Team Foundation Services component of Azure DevOps Server, where the user interface can be...

7.5CVSS5.1AI score0.01512EPSS
Exploits0References6
Prion
Prion
added 2020/11/06 12:15 p.m.12 views

Stack overflow

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network license server binds ...

5CVSS8AI score0.01452EPSS
Exploits0References1Affected Software1
Imperva Blog
Imperva Blog
added 2020/10/22 1:7 p.m.71 views

CrimeOps of the KashmirBlack Botnet – Part I

Introduction Being in a research team exposes us to a variety of attacks on different platforms, of different types, scope, and volume. It also gives us the opportunity to select particularly interesting attacks that target our customers and to analyze them. This blog will give you a taste of the...

7.5CVSS0.2AI score0.99999EPSS
Exploits19
Qualys Blog
Qualys Blog
added 2020/10/16 3:0 p.m.38 views

Qualys Policy Compliance Plugin for Jenkins Now Available

Various factors may introduce vulnerabilities in a product during its lifecycle, resulting in a drift from the required compliance status. Hence, it is of utmost importance that security is baked into the product at every stage of development and possibilities of security gaps are ruled out. CI/C...

0.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/10/12 4:0 p.m.27 views

Advanced protection for web applications in Azure with Radware’s Microsoft Security integration

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here. The state of application security Companies face a wide range of security challenges, such as Open Source Foundation for Application Security Project OWASP vulnerabilities,...

0.2AI score
Exploits0
Veracode
Veracode
added 2020/09/15 1:48 a.m.15 views

Information Disclosure

renovate is vulnerable to information disclosure. The Azure DevOps token is disclosed on the server and in the pipeline logs due to the logging of the http.extraheader=AUTHORIZATION parameter without redaction...

1.4AI score
Exploits0
Rows per page
Query Builder