team foundation server vulnerabilities and exploits
NA
CVE-2022-40674
libexpat prior to 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
3.5
CVSSv2
CVE-2021-39059
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...
IBM Jazz Foundation 7.0.1
IBM Jazz Foundation 7.0.2
IBM Jazz Foundation 7.0
IBM Jazz Foundation 6.0.6
IBM Jazz Foundation 6.0.6.1
6.5
CVSSv2
CVE-2020-4974
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated malicious user to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.1
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2
IBM Engineering Requirements Quality Assistant On-premises
IBM Engineering Test Management 7.0.0
IBM Engineering Test Management 7.0.1
IBM Engineering Test Management 7.0.2
IBM Engineering Workflow Management 7.0
IBM Engineering Workflow Management 7.0.1
IBM Engineering Workflow Management 7.0.2
IBM Rational Collaborative Lifecycle Management 6.0.2
IBM Rational Collaborative Lifecycle Management 6.0.6
IBM Rational Collaborative Lifecycle Management 6.0.6.1
IBM Rational Doors Next Generation 6.0.6
IBM Rational Doors Next Generation 6.0.6.1
IBM Rational Doors Next Generation 7.0
IBM Rational Doors Next Generation 7.0.1
IBM Rational Doors Next Generation 7.0.2
IBM Rational Engineering Lifecycle Manager 6.0.2
IBM Rational Engineering Lifecycle Manager 6.0.6
IBM Rational Engineering Lifecycle Manager 6.0.6.1
IBM Rational Quality Manager 6.0.6
4
CVSSv2
CVE-2021-27067
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Microsoft Team Foundation Server 2018
Microsoft Team Foundation Server 2017
Microsoft Team Foundation Server 2015
Microsoft Azure DevOps Server 2019
Microsoft Azure DevOps Server 2019.0.1
Microsoft Azure DevOps Server 2020
4
CVSSv2
CVE-2021-21636
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Team Foundation Server
6.8
CVSSv2
CVE-2021-21638
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials ...
Jenkins Team Foundation Server
4
CVSSv2
CVE-2021-21637
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials ...
Jenkins Team Foundation Server
4.9
CVSSv2
CVE-2020-17145
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Microsoft Team Foundation Server 2018
Microsoft Team Foundation Server 2017
Microsoft Team Foundation Server 2015
Microsoft Azure DevOps Server 2019
Microsoft Azure DevOps Server 2019.0.1
Microsoft Azure DevOps Server 2020
5.5
CVSSv2
CVE-2020-1325
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Microsoft Azure DevOps Server 2019
2.1
CVSSv2
CVE-2020-2249
Jenkins Team Foundation Server Plugin 5.157.1 and previous versions stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
Jenkins Team Foundation Server