1382 matches found

Trend Micro Simply Security
added 2019/09/19 1:53 p.m., 60 views

Beyond The Standard CISO Cloud Security Guide

Verizon recently released a 5-step process for evaluating cloud security products and services to inform purchase decisions. That’s a fantastic tool for buyers to have. This is especially helpful because cloud discussions are almost always driven by business objectives to satisfy a cost and/or...

7 AI score
Exploits 0

Imperva Blog
added 2019/09/12 6:54 p.m., 88 views

APIs Ease Customer Interaction — and External Attacks. Here’s how to Protect Them.

To deliver seamless service experiences to our customers, businesses now rely heavily on application programming interfaces (APIs). These are a non-negotiable aspect of the way we streamline the interactions and conversations we have with our customers, both internal and external. APIs are now so...

0.1 AI score
Exploits 0

OSV
added 2019/09/11 10:15 p.m., 5 views

CVE-2019-1306

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...

9.8 CVSS, 7.9 AI score, 0.15913 EPSS
Exploits 1, References 1

NVD
added 2019/09/11 10:15 p.m., 29 views

CVE-2019-1306

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...

9.8 CVSS, 9.9 AI score, 0.15913 EPSS
Exploits 1, References 1

Prion
added 2019/09/11 10:15 p.m., 24 views

Remote code execution

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...

7.5 CVSS, 9.8 AI score, 0.15913 EPSS
Exploits 1, References 1, Affected Software 2

CVE
added 2019/09/11 9:25 p.m., 117 views

CVE-2019-1306

CVE-2019-1306 is a remote code execution vulnerability affecting Azure DevOps Server and Team Foundation Server (TFS). The issue arises when the products fail to properly validate input, enabling an attacker to upload a specially crafted file to a vulnerable repo and cause indexing, which could l...

9.8 CVSS, 9.8 AI score, 0.15913 EPSS
Exploits 1, References 1, Affected Software 2

Cvelist
added 2019/09/11 9:25 p.m., 31 views

CVE-2019-1306

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...

9.9 AI score, 0.15913 EPSS
Exploits 1, References 1

Qualys Blog
added 2019/09/10 6:0 p.m., 169 views

September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerabili...

9.3 CVSS, 0.5 AI score, 0.19403 EPSS
Exploits 3

Microsoft CVE
added 2019/09/10 7:0 a.m., 52 views

Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly. An attacker who successfully exploited this vulnerability could execute code on the server in the context of the TFS or ADO service account. To exploit the...

9.8 CVSS, 2.8 AI score, 0.15913 EPSS
Exploits 1

Zero Day Initiative
added 2019/09/10 12:0 a.m., 34 views

Microsoft Azure DevOps Server Markdown Indexing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure DevOps Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of markdown files during indexing of wiki content. A crafted...

8.3 CVSS, 5.1 AI score, 0.15913 EPSS
Exploits 1, References 1

Symantec
added 2019/09/10 12:0 a.m., 13 views

Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability

Description: Microsoft Azure DevOps Server and Team Foundation Server are prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely result in denial of service conditions...

0.2 AI score
Exploits 0, Affected Software 2

Symantec
added 2019/09/10 12:0 a.m., 31 views

Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability

Description: Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.4 AI score, 0.01432 EPSS
Exploits 0, Affected Software 2

Tenable Nessus
added 2019/09/10 12:0 a.m., 51 views

Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (September 2019)

The Microsoft Team Foundation or Azure DevOps Server is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could...

9.8 CVSS, 8.1 AI score, 0.15913 EPSS
Exploits 1, References 2

Kaspersky
added 2019/09/10 12:0 a.m., 64 views

KLA11554 Multiple vulnerabilities in Microsoft Developer tools

Multiple vulnerabilities were found in Microsoft Developer tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation...

9.8 CVSS, 8.9 AI score, 0.15913 EPSS
Exploits 1, References 31

ThreatPost
added 2019/09/03 6:17 p.m., 347 views

How to Get a Handle on Patch Management

Patch management is a thankless job. Data shows, despite best efforts, that 80 percent of enterprise applications have at least one unpatched vulnerability in them, according to research by Veracode. It is not for lack of trying that vulnerabilities persist. Last year 16,500 vulnerabilities were...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits 123, References 23

Trend Micro Simply Security
added 2019/08/23 2:1 p.m., 26 views

This Week in Security News: DevOps Implementation Concerns and Malware Variants

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how most respondents to a Trend Micro survey shared their concern for the risks in implementing DevOps. Also, read on about how...

7 AI score
Exploits 0

ThreatPost
added 2019/08/07 6:20 p.m., 75 views

Black Hat 2019: Security's Powerful Cultural Transformation

LAS VEGAS — “Start with yes.” That’s the advice to security teams from Dino Dai Zovi, mobile security lead at Square, giving the keynote on Wednesday at the 23rd annual Black Hat conference in Las Vegas. Taking as a first principle the idea that security teams now have the ear of company boards...

7.5 AI score
Exploits 0, References 2

Akamai Blog
added 2019/08/05 9:29 p.m., 73 views

Top 10 Practices for Securing Cloud Workloads

Public cloud is one of the biggest challenges in every IT organization. While driving greater scalability, performance, and access for a competitive edge, it also introduces new security risks. More than just hosted data center infrastructure, public cloud offers the promise of agility, efficienc...

7.3 AI score
Exploits 0

ThreatPost
added 2019/08/05 4:0 p.m., 71 views

Microsoft Lab Offers $300K For Working Azure Exploits

Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Microsoft has launched a dedicated Azure cloud host testi...

8 AI score
Exploits 0, References 8

BDU FSTEC
added 2019/07/23 12:0 a.m., 4 views

The vulnerability relates to the set of tools for developing software for collaborative work within Azure DevOps Server and the Project Management and Version Control system Team Foundation Server. It stems from the lack of measures for cleaning input data, allowing a malicious actor to execute arbitrary code in the context of the current user.

The vulnerability of the Azure DevOps Server and Team Foundation Server project management and version control systems relates to the lack of measures for input data cleansing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, by...

5.5 CVSS, 6 AI score, 0.01627 EPSS
Exploits 0, References 3, Affected Software 1