Lucene search
K

1393 matches found

Cvelist
Cvelist
added 2021/04/13 7:32 p.m.23 views

CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

...

6.5CVSS6.8AI score0.02645EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2021/04/13 7:0 a.m.45 views

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

...

6.5CVSS6.8AI score0.02645EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/04/13 7:0 a.m.52 views

Azure DevOps Server Spoofing Vulnerability

...

6.1CVSS6.6AI score0.02317EPSS
Exploits3
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.8 views

Microsoft Azure DevOps Server 信息泄露漏洞

Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as code sharing, work tracking, and software distribution. An information disclosure vulnerability exists in Azure DevOps Server and Team...

6.5CVSS6.6AI score0.02645EPSS
Exploits0References3
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/04/13 12:0 a.m.12 views

HTTPS over HTTP: A Supply Chain Attack on Azure DevOps Server 2020

We provide the technical details of a supply chain attack on an improperly configured Azure DevOps Server 2020, specifically in the continuous integration and continuous delivery CI/CD Pipeline Agent communicating without TLS...

1.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/04/13 12:0 a.m.6 views

PT-2021-2707 · Microsoft · Team Foundation Server +1

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server and Team Foundation Server affected versions not specified Description: The issue is related to errors in handling objects in memory within the Team Foundation Services component of Azure DevOps Server. This can allow a...

6.8CVSS6.4AI score0.02645EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.4 views

Microsoft Azure DevOps Server 跨站脚本漏洞

Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as code sharing, work tracking, and software distribution. A cross-site scripting vulnerability exists in Microsoft Azure DevOps Server. The...

6.1CVSS6.9AI score0.02317EPSS
Exploits3References7
NCSC
NCSC
added 2021/04/13 12:0 a.m.73 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Impersonating another user Access to sensitive data Increased use...

7.8CVSS7.1AI score0.63034EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2021/04/13 12:0 a.m.5 views

PT-2021-2727 · Microsoft · Azure Devops Server

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: The issue is related to the failure to protect the web page structure, which can lead to cross-site scripting attacks. A remote attacker can exploit this to conduct such attacks...

6.4CVSS6.4AI score0.02317EPSS
Exploits3References5
Rapid7 Blog
Rapid7 Blog
added 2021/04/07 9:23 p.m.42 views

Security Isn’t a Four-Letter Word: How Infrastructure as Code (IaC) Amplifies DevOps Through the Inclusion of Security

Our fast-paced lives are fueled by innovative, cloud-native companies. We are able to watch our favorite programs and movies from anywhere in the world on any device. We are able to collaborate with our colleagues on an upcoming presentation, regardless of whether we’re in the office or at home...

7.5AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/04/06 12:0 a.m.7 views

DevOps Teams Can Prove ISO Compliance with Automation

Learn the ISO standards for security and cloud compliance as well as the automated mechanisms to ensure those standards...

3.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/03/08 11:28 p.m.11 views

AppSec Bites: Implementing DevOps? What Security Teams Need to Know. (Part 4)

DevOps practices can be difficult to implement for any business. While the overall goal is to streamline the business and join the development and operations sides of things together, the first step needs to be a strong relationship between DevOps and security teams otherwise things will typicall...

1.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/03/08 4:51 p.m.117 views

How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments

This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in participating in the next summit on March 9? Register here! The modern perspective is that the cloud has made it much easier to have visibility of your attack surface and...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2021/03/05 8:30 p.m.46 views

Kubestriker - A Blazing Fast Security Auditing Tool For Kubernetes

Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale. kubestriker is Platform agnostic and works equally wel...

7.8AI score
Exploits0References1
Imperva Blog
Imperva Blog
added 2021/02/25 5:47 p.m.37 views

Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense

Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...

0.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/02/08 2:0 p.m.46 views

Edge Redirector Cloudlet Gets Faster

Written by Maksym Novoseltsev - Senior Software Engineer, and Jeffrey Costa - Senior Product Manager, Web Performance Cloudlets Policy Manager often takes a long time to load, which is a by-product of its original design where every policy activation is an individual file. These files must be...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/02/01 2:0 p.m.47 views

Rapid7 Acquires Leading Kubernetes Security Provider, Alcide

Organizations around the globe continue to embrace the flexibility, speed, and agility of the cloud. Those that have adopted it are able to accelerate innovation and deliver real value to their customers faster than ever before. However, while the cloud can bring a tremendous amount of benefits t...

0.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/01/25 3:6 p.m.48 views

Finding Results at the Intersection of Security and Engineering

As vice president and head of global security at ActiveCampaign, I’m fortunate to be able to draw on a multitude of experiences and successes in my career. I started in general network security, where I was involved in pen testing and security research. I worked at several multibillion-dollar Saa...

7.3AI score
Exploits0
CNVD
CNVD
added 2021/01/25 12:0 a.m.6 views

Theonedev Onedev Information Disclosure Vulnerability

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev Onedev versions prior to...

8.6CVSS6.3AI score0.49051EPSS
Exploits0References1
CNVD
CNVD
added 2021/01/25 12:0 a.m.6 views

Theonedev Onedev Injection Vulnerability (CNVD-2021-06530)

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. OneDev versions prior to 4.0.3 hav...

9.6CVSS7.1AI score0.02932EPSS
Exploits0References1
Rows per page
Query Builder