
1378 matches found

Microsoft CVE
added 2019/04/09 7:0 a.m., 22 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

CVSS 6.1 | AI score 1.7 | EPSS 0.02419
Exploits: 0

Microsoft CVE
added 2019/04/09 7:0 a.m., 25 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

CVSS 6.1 | AI score 1.7 | EPSS 0.02419
Exploits: 0

Microsoft CVE
added 2019/04/09 7:0 a.m., 29 views

Azure DevOps Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker who exploited the vulnerability could add GitHub repos to a project without having the proper access granted to their account. To exploit the vulnerability, an...

CVSS 7.5 | AI score 2.1 | EPSS 0.03023
Exploits: 0

Microsoft CVE
added 2019/04/09 7:0 a.m., 39 views

Azure DevOps Server Cross-site Scripting Vulnerability

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user-provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the us...

CVSS 6.1 | AI score 2 | EPSS 0.01983
Exploits: 0

Microsoft CVE
added 2019/04/09 7:0 a.m., 36 views

Azure DevOps Server HTML Injection Vulnerability

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An...

CVSS 6.1 | AI score 0.6 | EPSS 0.01955
Exploits: 0

Microsoft CVE
added 2019/04/09 7:0 a.m., 19 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

CVSS 6.1 | AI score 1.7 | EPSS 0.02626
Exploits: 0

Symantec
added 2019/04/09 12:0 a.m., 23 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description: Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

AI score 6.5 | EPSS 0.02419
Exploits: 0 | Affected Software: 2

Symantec
added 2019/04/09 12:0 a.m., 37 views

Microsoft Azure DevOps Server CVE-2019-0869 HTML Injection Vulnerability

Description: Microsoft Azure DevOps Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, to conduct spoofing attacks or redirect the user to a malicious website. Other attacks are al...

AI score 6.2 | EPSS 0.01955
Exploits: 0 | Affected Software: 1

Symantec
added 2019/04/09 12:0 a.m., 37 views

Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability

Description: Microsoft Azure DevOps Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...

AI score 6.5 | EPSS 0.01983
Exploits: 0 | Affected Software: 1

Symantec
added 2019/04/09 12:0 a.m., 28 views

Microsoft Azure DevOps Server CVE-2019-0857 Spoofing Vulnerability

Description: Microsoft Azure DevOps Server is prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks and to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected: Microsoft Azure DevOps...

AI score 6.5 | EPSS 0.03858
Exploits: 0 | Affected Software: 1

Symantec
added 2019/04/09 12:0 a.m., 27 views

Microsoft Azure DevOps Server CVE-2019-0875 Remote Privilege Escalation Vulnerability

Description: Microsoft Azure DevOps Server is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected: Microsoft Azure DevOps Server 2019. Recommendations: Run all...

AI score 0.5 | EPSS 0.03023
Exploits: 0 | Affected Software: 1

Symantec
added 2019/04/09 12:0 a.m., 18 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description: Microsoft Azure DevOps Server and Team Foundation Server are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score 7.3
Exploits: 0 | Affected Software: 2

Symantec
added 2019/04/09 12:0 a.m., 22 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description: Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

AI score 6.5 | EPSS 0.02419
Exploits: 0 | Affected Software: 2

Tenable Nessus
added 2019/04/09 12:0 a.m., 31 views

Security Updates for Microsoft Team Foundation Server / Azure DevOps Server (April 2019)

The Microsoft Team Foundation Server or Azure DevOps Server installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project...

CVSS 7.5 | AI score 6.5 | EPSS 0.03858
Exploits: 0 | References: 15

MSRC
added 2019/04/02 10:32 p.m., 85 views

Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...

AI score 7.4
Exploits: 0

MSRC
added 2019/04/02 7:0 a.m., 6 views

Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...

AI score 0.3
Exploits: 0

MSRC
added 2019/04/02 7:0 a.m., 9 views

Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...

AI score 6.8
Exploits: 0

FireEye
added 2019/03/20 3:45 p.m., 28 views

SilkETW: Because Free Telemetry is … Free!

Over time people have had an on-again, off-again interest in Event Tracing for Windows (ETW). ETW, first introduced in Windows 2000, is a lightweight Kernel level tracing facility that was originally intended for debugging, diagnostics and performance. Gradually, however, defenders realized that ET...

AI score 0.1
Exploits: 0 | References: 11

Carbon Black Blog
added 2019/03/18 5:45 p.m., 94 views

Why DevOps is Becoming More Like DevSecOps

Editor's Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In the year 2000, a Time magazine essay authored by Steward...

AI score 0.2
Exploits: 0

Richard Bejtlich's blog
added 2019/03/13 8:15 p.m., 55 views

Thoughts on Cloud Security

Recently I've been reading about cloud security and security with respect to DevOps. I'll say more about the excellent book I'm reading, but I had a moment of déjà vu during one section. The book described how cloud security is a big change from enterprise security because it relies less on...

AI score 7.8
Exploits: 0