CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-1327
https://notcve.org/view.php?id=CVE-2020-1327
09 Jun 2020 — A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. Se presenta una vulnerabilidad de suplantación de identidad en Microsoft Azure DevOps Server cuando presenta un fallo al manejar apropiadamente las peticiones web, también se conoce como "Azure DevOps Server HTML Injection Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-0815
https://notcve.org/view.php?id=CVE-2020-0815
12 Mar 2020 — An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758. Existe una vulnerabilidad de elevación de privilegios cuando Azure DevOps Server y Team Foundation Services manejan inapropiadamente los tokens de trabajo de canalización (pipeline), también se conoce como "Azure DevOps Server and Team F... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-0758
https://notcve.org/view.php?id=CVE-2020-0758
12 Mar 2020 — An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815. Existe una vulnerabilidad de elevación de privilegios cuando Azure DevOps Server y Team Foundation Services manejan inapropiadamente los tokens de trabajo de canalización (pipeline), también se conoce como "Azure DevOps Server and Team F... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-0700
https://notcve.org/view.php?id=CVE-2020-0700
12 Mar 2020 — A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. Existe una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Azure DevOps Server no sanea apropiadamente la entrada proporcionada por el usuario, también se conoce como "Azure DevOps Server Cross-site Scripting Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1234
https://notcve.org/view.php?id=CVE-2019-1234
12 Nov 2019 — A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. Se presenta una vulnerabilidad de suplantación de identidad cuando Azure Stack no es capaz de comprobar determinadas peticiones, también se conoce como "Azure Stack Spoofing Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 0CVE-2019-1372
https://notcve.org/view.php?id=CVE-2019-1372
10 Oct 2019 — An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulne... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372 •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-1305
https://notcve.org/view.php?id=CVE-2019-1305
11 Sep 2019 — A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Team Foundation Server no sanea apropiadamente la entrada proporcionada por el usuario, también se conoce como "Team Foundation Server Cross-site Scripting Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 0CVE-2019-1306 – Microsoft Azure DevOps Server Markdown Indexing Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1306
10 Sep 2019 — A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota cuando Azure DevOps Server (ADO) y Team Foundation Server (TFS) no pueden comprobar la entrada apropiadamente, también se conoce como "Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability". This vulnerab... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-3800 – CF CLI writes the client id and secret to config file
https://notcve.org/view.php?id=CVE-2019-3800
05 Aug 2019 — CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. La CLI de CF anterior a versión v6.45.0 (versión de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuración cuando el usuario se autentica con el flag --... • https://pivotal.io/security/cve-2019-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1076
https://notcve.org/view.php?id=CVE-2019-1076
15 Jul 2019 — A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. Se presenta una vulnerabilidad de Cross-site-Scripting (XSS) cuando Team Foundation Server no sanea apropiadamente la entrada proporcionada por el usuario, también se conoce como "Team Foundation Server Cross-site Scripting Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •