Lucene search
K
MicrosoftTeam Foundation Server

23 matches found

CVE
CVE
added 2019/07/15 6:56 p.m.168 views

CVE-2019-1076

CVE-2019-1076 is a Cross-site Scripting (XSS) vulnerability affecting Microsoft Team Foundation Server and Azure DevOps Server. The issue arises when input is not properly sanitized, allowing an attacker to execute script in the context of the affected user. Public exploit activity is noted in th...

5.4CVSS6.6AI score0.01627EPSS
CVE
CVE
added 2019/07/15 6:56 p.m.143 views

CVE-2019-1072

Azure DevOps Server and Team Foundation Server (TFS) are affected by a remote code execution vulnerability caused by improper handling of user input. Exploitation can occur when an attacker uploads a specially crafted file to an affected server, potentially allowing code execution in the context ...

9.8CVSS9.8AI score0.12442EPSS
CVE
CVE
added 2019/09/11 9:25 p.m.118 views

CVE-2019-1306

CVE-2019-1306 is a remote code execution vulnerability affecting Azure DevOps Server and Team Foundation Server (TFS). The issue arises when the products fail to properly validate input, enabling an attacker to upload a specially crafted file to a vulnerable repo and cause indexing, which could l...

9.8CVSS9.8AI score0.16988EPSS
CVE
CVE
added 2019/09/11 9:25 p.m.111 views

CVE-2019-1305

CVE-2019-1305 is a Cross-site Scripting (XSS) vulnerability in Team Foundation Server/Azure DevOps Server where user input is not properly sanitized. An authenticated attacker can send a crafted payload that executes in the user’s browser, enabling theft of credentials, reading restricted content...

5.4CVSS6.6AI score0.01535EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.106 views

CVE-2020-17145

CVE-2020-17145 affects Azure DevOps Server and Team Foundation Server/Services. The vulnerability is described as a Spoofing Vulnerability, with a MEDIUM severity (CVSSv3 base 5.4) and CVSSv2 base 4.9. Attack vector is network; no user interaction required for CVSSv2, but CVSSv3 indicates user in...

5.4CVSS5.5AI score0.01387EPSS
CVE
CVE
added 2021/04/13 7:32 p.m.103 views

CVE-2021-27067

CVE-2021-27067 is an information-disclosure vulnerability in Azure DevOps Server and Team Foundation Server. According to PT-Security, the issue stems from memory-handling errors in the Team Foundation Services component, allowing a remote attacker to gain unauthorized access to protected informa...

6.5CVSS6.2AI score0.02645EPSS
CVE
CVE
added 2019/04/09 8:20 p.m.100 views

CVE-2019-0870

Technical details about CVE-2019-0870 are not provided in the connected documents. The available data include a description of an XSS vulnerability in Azure DevOps Server/TFS and CVSS metrics. Monitor for updates.

6.1CVSS5.5AI score0.02419EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.95 views

CVE-2020-0758

CVE-2020-0758 describes an elevation of privilege in Azure DevOps Server and Team Foundation Services caused by improper handling of pipeline job tokens. The vulnerability enables an attacker to gain higher privileges via the token mechanism, with network-based access (CVSSv3.1: 7.5, HIGH; ATT&CK...

7.5CVSS7.5AI score0.02015EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.93 views

CVE-2020-0700

CVE-2020-0700 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server where user input is not properly sanitized. The underlying issue is improper sanitization of inputs, allowing an authenticated attacker to send a crafted payload that executes in the context of the current user whe...

5.4CVSS5.6AI score0.01328EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.89 views

CVE-2018-8602

CVE-2018-8602 is a Cross-site Scripting (XSS) vulnerability in Team Foundation Server (TFS) where user input is not properly sanitized. The connected documents corroborate that an authenticated attacker could exploit this vulnerability by sending a crafted payload to TFS, resulting in script exec...

5.4CVSS6.6AI score0.01503EPSS
CVE
CVE
added 2019/04/09 8:19 p.m.85 views

CVE-2019-0866

CVE-2019-0866 : Azure DevOps Server and Team Foundation Server are vulnerable to a cross-site scripting (XSS) issue caused by improper sanitization of user-provided input. Base scores (NVD CVSS v3.0: 6.1, MEDIUM) with NETWORK attack vector and UI required, indicating media risk but no full exploi...

6.1CVSS5.5AI score0.02626EPSS
CVE
CVE
added 2019/05/16 6:24 p.m.84 views

CVE-2019-0971

CVE-2019-0971 affects Azure DevOps Server and Team Foundation Server. It is an information disclosure vulnerability caused by improper sanitization of a specially crafted authentication request, allowing an authenticated attacker to perform server-side requests and access sensitive information. T...

9CVSS6.2AI score0.08464EPSS
CVE
CVE
added 2019/04/09 8:19 p.m.81 views

CVE-2019-0867

Azure DevOps Server and Team Foundation Server are affected by a Cross-site Scripting (XSS) vulnerability caused by improper validation/sanitization of user input. The CNVD entries describe a vulnerability where attacker-controlled input could execute scripts in the security context of the curren...

6.1CVSS5.5AI score0.02387EPSS
CVE
CVE
added 2019/05/16 6:24 p.m.79 views

CVE-2019-0979

Technical details (affected products, versions, root cause, exploitability) are not publicly provided in the connected documents; monitor for updates.

5.4CVSS5.3AI score0.01697EPSS
CVE
CVE
added 2019/05/16 6:17 p.m.78 views

CVE-2019-0872

CVE-2019-0872 is an XSS vulnerability in Microsoft’s Azure DevOps Server and Team Foundation Server caused by improper sanitization/validation of client-side input in the WEB application. The linked Red Hat entry confirms the root cause as a lack of proper input validation leading to cross-site s...

5.4CVSS5.3AI score0.01697EPSS
CVE
CVE
added 2019/04/09 2:7 a.m.76 views

CVE-2019-0777

CVE-2019-0777 is a Cross-site Scripting (XSS) vulnerability in Microsoft Team Foundation Server (TFS). The root cause is improper sanitization of user input in TFS, enabling an attacker to run script in the context of a logged-in user. Affected products include Team Foundation Server, with specif...

5.4CVSS5.3AI score0.01697EPSS
CVE
CVE
added 2019/04/09 8:20 p.m.75 views

CVE-2019-0871

Azure DevOps Server and Team Foundation Server are affected by a cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input. An attacker could exploit this to run scripts in the security context of the current user. CNVD entries describe the issue but do not pr...

6.1CVSS5.5AI score0.02419EPSS
CVE
CVE
added 2019/04/09 8:19 p.m.73 views

CVE-2019-0868

Affected products: Azure DevOps Server and Team Foundation Server (TFS). Vulnerability type: Cross‑Site Scripting (XSS) caused by improper validation of user‑supplied input. Impact (as described): Potential for an attacker to execute scripts in the security context of the current user. Root cause...

6.1CVSS5.5AI score0.02419EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.67 views

CVE-2019-0743

Technical details (affected products/versions/root cause/impact/fix) for CVE-2019-0743 are not publicly available in the provided connected documents. Monitor for updates to external advisories and CVE records.

5.4CVSS5.3AI score0.01773EPSS
CVE
CVE
added 2019/01/17 6:0 p.m.66 views

CVE-2019-0646

The issue is a real CVE: CVE-2019-0646 is a Cross-site Scripting (XSS) vulnerability in Team Foundation Server caused by improper sanitization of user input. An authenticated attacker could exploit a crafted payload to execute scripts in the context of the logged-in user, potentially reading cont...

5.4CVSS5.6AI score0.01461EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.64 views

CVE-2019-0742

CVE-2019-0742 is a Cross-site Scripting (XSS) vulnerability in Microsoft Team Foundation Server (TFS) where input was not properly sanitized. Connected CNVD data specifies affected software as Microsoft Team Foundation Server 2018 Update version 3.2, with the root cause being failure to properly ...

5.4CVSS5.3AI score0.01773EPSS
CVE
CVE
added 2018/11/15 7:0 p.m.63 views

CVE-2018-8529

CVE-2018-8529 : A remote code execution vulnerability exists in Team Foundation Server (TFS) where basic authorization is not enabled on the communication between TFS and the Search services. The underlying issue allows an attacker to execute commands on the Search service. Microsoft’s security u...

9.8CVSS9.8AI score0.13455EPSS
CVE
CVE
added 2019/01/17 6:0 p.m.61 views

CVE-2019-0647

CVE-2019-0647 affects Microsoft Team Foundation Server (TFS) and stems from improper handling of variables marked as secret. An authenticated attacker could view other users’ hidden secret variables by creating a task group with a secret-containing task. Affected products include TFS 2017 Update ...

6.5CVSS6AI score0.04611EPSS