Monthly Archive: April 2019

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target...

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the...

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. Date published...

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,...

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,...

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka ‘Open Enclave SDK Information Disclosure Vulnerability’. Date published : 2019-04-09 http://www.securityfocus.com/bid/107743 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0876

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka ‘Azure DevOps Server Elevation of Privilege Vulnerability’. Date published : 2019-04-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0875

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka ‘Azure DevOps Server Cross-site Scripting Vulnerability’. Date published : 2019-04-09 http://www.securityfocus.com/bid/107759 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0874

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE...

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE...

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka ‘Azure DevOps Server HTML Injection Vulnerability’. Date published : 2019-04-09 http://www.securityfocus.com/bid/107768 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0869

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE...

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE...

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE...