Lucene search
K

1382 matches found

NVD
NVD
added 2019/06/12 2:29 p.m.36 views

CVE-2019-0996

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the...

6.5CVSS6.2AI score0.0157EPSS
Exploits0References2
Prion
Prion
added 2019/06/12 2:29 p.m.16 views

Cross site request forgery (csrf)

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'...

4.3CVSS6.2AI score0.0157EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/06/12 1:49 p.m.40 views

CVE-2019-0996 Azure DevOps Server Spoofing Vulnerability

...

6.2AI score0.0157EPSS
Exploits0References1
CVE
CVE
added 2019/06/12 1:49 p.m.96 views

CVE-2019-0996

CVE-2019-0996 affects Microsoft Azure DevOps Server and describes a cross-site request forgery (CSRF/XSRF) flaw in how application registration requests are handled. The underlying issue could allow an attacker to bypass OAuth protections and register an application on behalf of a targeted user i...

6.5CVSS6.2AI score0.0157EPSS
Exploits0References2Affected Software1
Microsoft Secure
Microsoft Secure
added 2019/06/11 4:0 p.m.52 views

4 best practices to help you integrate security into DevOps

Microsoft’s transition of its corporate resources to the cloud required us to rethink how we integrate security into the agile development environment. In the old process, we often worked on 6- to 12-month development cycles for internal products. The security operations team was separate from th...

7.5AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.32 views

Azure DevOps Server Spoofing Vulnerability

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the...

6.5CVSS2AI score0.0157EPSS
Exploits0
Symantec
Symantec
added 2019/06/11 12:0 a.m.78 views

Microsoft Azure DevOps Server CVE-2019-0996 Spoofing Vulnerability

Description Microsoft Azure DevOps Server is prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks and to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Azure DevOps...

6.8AI score0.0157EPSS
Exploits0Affected Software1
Kaspersky
Kaspersky
added 2019/06/11 12:0 a.m.44 views

KLA11501 Security UI vulnerability in Microsoft Developer Tools

A spoofing vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2019-0996 Related products Microsoft-Azure CVE list CVE-2019-0996 warning KB list Solution Install necessary updates from the KB section...

6.5CVSS6.4AI score0.0157EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/06/11 12:0 a.m.33 views

Security Updates for Azure DevOps Server (June 2019)

The Azure DevOps Server is missing a security update. It is, therefore, affected by a cross-site request forgery XSRF vulnerability: - A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. A...

6.5CVSS6.4AI score0.0157EPSS
Exploits0References3
Qualys Blog
Qualys Blog
added 2019/06/10 3:0 p.m.74 views

Countdown to Black Hat: Top 10 Sessions to Attend — #1

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event. The training sessions provide both offensive and defensive skills that security pros can use to tackle critical...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.4 views

The vulnerability of Azure DevOps Server and Team Foundation Server software lies in the lack of measures for input data cleansing, which allows attackers to execute cross-site scripting attacks.

The vulnerability of Azure DevOps Server and Team Foundation Server lies in the lack of measures for input data cleansing. Exploiting this vulnerability can allow a malicious actor to perform cross-site scripting attacks remotely...

5.4CVSS5.9AI score0.01697EPSS
Exploits0References3Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/05/17 2:14 p.m.158 views

This Week in Security News: Unsecured Servers and Vulnerable Processors

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about vulnerabilities that can allow hackers to retrieve data from CPUs and mine cryptocurrency. Read on: May’s Patch Tuesday Include...

10CVSS0.3AI score0.98326EPSS
Exploits5
CNVD
CNVD
added 2019/05/17 12:0 a.m.5 views

Microsoft Team Foundation Server and Microsoft Azure DevOps Server Cross-Site Scripting Vulnerability

Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...

5.4CVSS6.4AI score0.01697EPSS
Exploits0References1
OSV
OSV
added 2019/05/16 7:29 p.m.2 views

CVE-2019-0979

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872...

5.4CVSS5.8AI score0.01697EPSS
Exploits0References1
NVD
NVD
added 2019/05/16 7:29 p.m.25 views

CVE-2019-0971

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'...

9CVSS6.1AI score0.08464EPSS
Exploits0References1
NVD
NVD
added 2019/05/16 7:29 p.m.25 views

CVE-2019-0979

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872...

5.4CVSS5.2AI score0.01697EPSS
Exploits0References1
OSV
OSV
added 2019/05/16 7:29 p.m.4 views

CVE-2019-0971

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'...

6.5CVSS6.7AI score0.08464EPSS
Exploits0References1
NVD
NVD
added 2019/05/16 7:29 p.m.20 views

CVE-2019-0872

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979...

5.4CVSS5.2AI score0.01697EPSS
Exploits0References1
OSV
OSV
added 2019/05/16 7:29 p.m.2 views

CVE-2019-0872

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979...

5.4CVSS6.3AI score0.01697EPSS
Exploits0References1
Prion
Prion
added 2019/05/16 7:29 p.m.17 views

Cross site scripting

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872...

3.5CVSS5.3AI score0.01697EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder