CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33136 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33136
12 Sep 2023 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2023-38155 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38155
12 Sep 2023 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure DevOps Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the MachinePropertyBag class. The issue results from the lack of proper validation of user-sup... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-36869 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36869
08 Aug 2023 — Azure DevOps Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 12%CPEs: 8EXPL: 0CVE-2021-27067 – Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27067
13 Apr 2021 — Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Azure DevOps Server y Team Foundation Server • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067 •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-17145 – Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-17145
09 Dec 2020 — Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Azure DevOps Server y Team Foundation Services • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17135 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-17135
09 Dec 2020 — Azure DevOps Server Spoofing Vulnerability Vulnerabilidad de suplantación del servidor Azure DevOps • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135 •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-1326
https://notcve.org/view.php?id=CVE-2020-1326
14 Jul 2020 — A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Azure DevOps Server no sanea apropiadamente la entrada proporcionada por el usuario, también se conoce como "Azure DevOps Server Cross-site Scripting Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-1327
https://notcve.org/view.php?id=CVE-2020-1327
09 Jun 2020 — A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. Se presenta una vulnerabilidad de suplantación de identidad en Microsoft Azure DevOps Server cuando presenta un fallo al manejar apropiadamente las peticiones web, también se conoce como "Azure DevOps Server HTML Injection Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2020-0758
https://notcve.org/view.php?id=CVE-2020-0758
12 Mar 2020 — An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815. Existe una vulnerabilidad de elevación de privilegios cuando Azure DevOps Server y Team Foundation Services manejan inapropiadamente los tokens de trabajo de canalización (pipeline), también se conoce como "Azure DevOps Server and Team F... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-0700
https://notcve.org/view.php?id=CVE-2020-0700
12 Mar 2020 — A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. Existe una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Azure DevOps Server no sanea apropiadamente la entrada proporcionada por el usuario, también se conoce como "Azure DevOps Server Cross-site Scripting Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •