CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33136 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33136
Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2023-38155 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38155
Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure DevOps Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the MachinePropertyBag class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-36869 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36869
Azure DevOps Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21569 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-21569
Azure DevOps Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21565 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-21565
Azure DevOps Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •