Lucene search
K

1382 matches found

BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.3 views

The vulnerability in the set of tools for developing software for Azure DevOps Server and Team Foundation Server, related to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Azure DevOps Server and Team Foundation Server project management and version control systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.8CVSS5.9AI score0.12442EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/07/15 7:15 p.m.5 views

CVE-2019-1072

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

9.8CVSS7.9AI score0.12442EPSS
Exploits0References1
NVD
NVD
added 2019/07/15 7:15 p.m.28 views

CVE-2019-1072

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

9.8CVSS9.9AI score0.12442EPSS
Exploits0References1
Prion
Prion
added 2019/07/15 7:15 p.m.20 views

Remote code execution

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

7.5CVSS9.8AI score0.12442EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2019/07/15 6:56 p.m.36 views

CVE-2019-1072

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

9.9AI score0.12442EPSS
Exploits0References1
CVE
CVE
added 2019/07/15 6:56 p.m.142 views

CVE-2019-1072

Azure DevOps Server and Team Foundation Server (TFS) are affected by a remote code execution vulnerability caused by improper handling of user input. Exploitation can occur when an attacker uploads a specially crafted file to an affected server, potentially allowing code execution in the context ...

9.8CVSS9.8AI score0.12442EPSS
Exploits0References1Affected Software2
Qualys Blog
Qualys Blog
added 2019/07/15 3:0 p.m.65 views

Countdown to Black Hat: Top 10 Sessions to Attend — #6

With Black Hat USA 2019 less than a month away, we continue our blog series with weekly recommendations of training courses and research briefings to attend at the conference. Our pick this week: the research briefing Controlled Chaos: The Inevitable Marriage of DevOps & Security. This 50-minute...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/07/12 12:0 a.m.134 views

Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (July 2019)

The Microsoft Team Foundation or Azure DevOps Server is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A Cross-site Scripting XSS vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could...

9.8CVSS7.5AI score0.12442EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/07/11 12:0 a.m.5 views

The vulnerability of the Azure DevOps Server software lies in its shortcomings in handling authorization requests. This allows attackers to perform cross-site forgery of these requests.

The vulnerability of the Azure DevOps Server software lies in its shortcomings in processing authorization requests for applications. Exploiting this vulnerability allows a malicious actor to perform cross-site forgery of authorization requests remotely...

6.5CVSS5.3AI score0.0157EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/07/10 12:0 a.m.2 views

Microsoft Azure DevOps Server and Team Foundation Server Cross-Site Scripting Vulnerability (CNVD-2019-24392)

Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...

5.4CVSS6.4AI score0.01627EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/10 12:0 a.m.3 views

Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability

Team Foundation Server is a Microsoft product that provides source code management, reporting, requirements management, project management, automated build, lab management, testing, and release management capabilities. Azure DevOps Server, formerly known as Team Foundation Server TFS, is a locall...

9.8CVSS8.1AI score0.12442EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2019/07/09 8:4 p.m.178 views

Microsoft Patches A Pair of Zero-Days Under Active Attack

Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit; and Adobe issued a small group of updates, with surprisingly none for Acrobat Reader or Flash. Eleven of the critical bugs are for scripting...

8.5CVSS9.2AI score0.98745EPSS
Exploits7References18
Qualys Blog
Qualys Blog
added 2019/07/09 6:12 p.m.290 views

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 77 vulnerabilities with 15 of them labeled as Critical. Of the 15 Critical vulns, 11 are for scripting engines and browsers, with the remaining four covering DHCP Server, GDI+, .NET Framework, and Azure DevOps Server / Team Foundation Server. In...

7.8CVSS8.7AI score0.98745EPSS
Exploits7
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.55 views

Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account. To exploit the...

9.8CVSS2.3AI score0.12442EPSS
Exploits0
Symantec
Symantec
added 2019/07/09 12:0 a.m.70 views

Microsoft Team Foundation Server CVE-2019-1076 Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.4AI score0.01627EPSS
Exploits0Affected Software2
Kaspersky
Kaspersky
added 2019/07/09 12:0 a.m.101 views

KLA11513 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security...

9.8CVSS9.8AI score0.12442EPSS
Exploits2References46
Qualys Blog
Qualys Blog
added 2019/06/17 3:0 p.m.88 views

Countdown to Black Hat: Top 10 Sessions to Attend — #2

Black Hat USA 2019 is still two months away, but it’s never too early for attendees to start planning their schedule. That’s why each week we’re recommending one session from the scores of research briefings and training courses that will be offered at the conference. Following our first pick las...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.7 views

The vulnerability of the Team Foundation Server and Azure DevOps Server software development tools lies in the lack of protection for service data. This allows attackers to execute arbitrary code and compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of Team Foundation Server and Azure DevOps Server software lies in the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, thereby compromising the confidentiality, integrity, and accessibility of...

9CVSS6AI score0.08464EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.3 views

The vulnerability of the Team Foundation Server and Azure DevOps Server software lies in the lack of security measures taken to protect the website structure. This allows attackers to execute cross-site scripting attacks and execute arbitrary code in the context of the current user.

The vulnerabilities of Team Foundation Server and Azure DevOps Server exist due to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to remotely execute cross-site scripting attacks and execute arbitrary code in the context of t...

5.5CVSS5.7AI score0.01697EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/06/12 2:29 p.m.5 views

CVE-2019-0996

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the...

6.5CVSS6.6AI score0.0157EPSS
Exploits0References2
Rows per page
Query Builder