Vulnerabilites related to microsoft - visual_studio_2017
cve-2020-1293
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:56", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1293", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1293", datePublished: "2020-06-09T19:43:56", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1416
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) |
Version: unspecified |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:09.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Visual Studio Code", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Azure Storage Explorer", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "TypeScript", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-30T13:00:22", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1416", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Visual Studio Code", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Azure Storage Explorer", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "TypeScript", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1416", datePublished: "2020-07-14T22:54:34", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:09.124Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-16874
Vulnerability from cvelistv5
Published
2020-09-11 17:08
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>
<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>\n<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:35:05.625Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16874", datePublished: "2020-09-11T17:08:47", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34485
Vulnerability from cvelistv5
Published
2021-08-12 18:11
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.38 cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.369Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.38", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "16.4.25", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.18", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.10", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)", vendor: "Microsoft", versions: [ { lessThan: "16.10.5", status: "affected", version: "16.10.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "PowerShell 7.1", vendor: "Microsoft", versions: [ { lessThan: "7.1.4", status: "affected", version: "7.1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "PowerShell 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.7", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "2.1.30", status: "affected", version: "2.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.18", status: "affected", version: "3.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.9", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-08-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET Core and Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:54:07.748Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485", }, ], title: ".NET Core and Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34485", datePublished: "2021-08-12T18:11:57", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.369Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1351
Vulnerability from cvelistv5
Published
2020-01-24 20:50
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351 | x_refsource_MISC | |
| https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202003-30 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) |
Version: unspecified |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.499Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "15.0", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Tampering", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-01T23:06:04", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", }, { tags: [ "x_refsource_MISC", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1351", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "15.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Tampering", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1351", datePublished: "2020-01-24T20:50:26", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1108
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.017Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: ".NET Core", vendor: "Microsoft", versions: [ { status: "affected", version: "3.1", }, { status: "affected", version: "2.1", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.5", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: ".NET Core 5.0", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "PowerShell Core", vendor: "Microsoft", versions: [ { status: "affected", version: "6.2", }, ], }, { product: "PowerShell 7.0", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "1903", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.6", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 2.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, { product: "Microsoft .NET Framework 4.5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:53:10", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1108", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: ".NET Core", version: { version_data: [ { version_value: "3.1", }, { version_value: "2.1", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.5", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: ".NET Core 5.0", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "PowerShell Core", version: { version_data: [ { version_value: "6.2", }, ], }, }, { product_name: "PowerShell 7.0", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows RT 8.1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "1903", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6", version: { version_data: [ { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 2.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5", version: { version_data: [ { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5.1", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, }, { product_name: "Microsoft .NET Framework 4.5.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1108", datePublished: "2020-05-21T22:53:10", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.017Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26434
Vulnerability from cvelistv5
Published
2021-09-15 11:23
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1077/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.39 cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.193Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.39", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "16.4.26", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.19", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.11", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.3", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], datePublic: "2021-09-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:37:25.359Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26434", datePublished: "2021-09-15T11:23:00", dateReserved: "2021-01-29T00:00:00", dateUpdated: "2024-08-03T20:26:25.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21206
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Visual Studio Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.70 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21206", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T19:17:19.452159Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-11T19:30:49.108Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.70", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.44", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.18", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.11", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.5", status: "affected", version: "17.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.70", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.44", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.18", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.11", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.5", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Installer Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427: Uncontrolled Search Path Element", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:07.678Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Installer Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206", }, ], title: "Visual Studio Installer Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21206", datePublished: "2025-02-11T17:58:07.750Z", dateReserved: "2024-12-05T21:43:30.768Z", dateUpdated: "2025-03-12T01:42:07.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0657
Vulnerability from cvelistv5
Published
2019-03-06 00:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:0349 | vendor-advisory, x_refsource_REDHAT | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106890 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework 4.5.2 |
Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 R2 Version: Windows RT 8.1 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:27.244Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2019:0349", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657", }, { name: "106890", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106890", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft .NET Framework 4.5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 4.6", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: ".NET Core", vendor: "Microsoft", versions: [ { status: "affected", version: "1", }, { status: "affected", version: "2.1", }, { status: "affected", version: "2.2", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2017", }, ], }, { product: "Microsoft .NET Framework 4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1803 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "Windows 10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1809 for x64-based Systems", }, { status: "affected", version: "Windows Server 2019", }, { status: "affected", version: "Windows Server 2019 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2016", }, { status: "affected", version: "Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1703 for x64-based Systems", }, ], }, { product: "Microsoft .NET Framework 4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1709 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, { product: "PowerShell Core", vendor: "Microsoft", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, ], }, { product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016", }, { status: "affected", version: "Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1703 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1709 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1803 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "Windows 10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1809 for x64-based Systems", }, { status: "affected", version: "Windows Server 2019", }, { status: "affected", version: "Windows Server 2019 (Server Core installation)", }, { status: "affected", version: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Microsoft .NET Framework 3.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 2.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, ], datePublic: "2019-03-05T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-06T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "RHSA-2019:0349", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0349", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657", }, { name: "106890", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106890", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0657", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft .NET Framework 4.5.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6", version: { version_data: [ { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: ".NET Core", version: { version_data: [ { version_value: "1", }, { version_value: "2.1", }, { version_value: "2.2", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2017", }, ], }, }, { product_name: "Microsoft .NET Framework 4.7.2", version: { version_data: [ { version_value: "Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "Windows 10 Version 1803 for x64-based Systems", }, { version_value: "Windows Server, version 1803 (Server Core Installation)", }, { version_value: "Windows 10 Version 1803 for ARM64-based Systems", }, { version_value: "Windows 10 Version 1809 for 32-bit Systems", }, { version_value: "Windows 10 Version 1809 for x64-based Systems", }, { version_value: "Windows Server 2019", }, { version_value: "Windows Server 2019 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", version: { version_data: [ { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows Server 2016", }, { version_value: "Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "Windows 10 Version 1607 for x64-based Systems", }, { version_value: "Windows Server 2016 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "Windows 10 Version 1703 for x64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "Windows 10 Version 1709 for x64-based Systems", }, { version_value: "Windows Server, version 1709 (Server Core Installation)", }, { version_value: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "PowerShell Core", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5", version: { version_data: [ { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, { version_value: "Windows Server 2016", }, { version_value: "Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "Windows 10 Version 1607 for x64-based Systems", }, { version_value: "Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "Windows 10 Version 1703 for x64-based Systems", }, { version_value: "Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "Windows 10 Version 1709 for x64-based Systems", }, { version_value: "Windows Server, version 1709 (Server Core Installation)", }, { version_value: "Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "Windows 10 Version 1803 for x64-based Systems", }, { version_value: "Windows Server, version 1803 (Server Core Installation)", }, { version_value: "Windows 10 Version 1803 for ARM64-based Systems", }, { version_value: "Windows 10 Version 1809 for 32-bit Systems", }, { version_value: "Windows 10 Version 1809 for x64-based Systems", }, { version_value: "Windows Server 2019", }, { version_value: "Windows Server 2019 (Server Core installation)", }, { version_value: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 3.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 2.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5.1", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2019:0349", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0349", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657", }, { name: "106890", refsource: "BID", url: "http://www.securityfocus.com/bid/106890", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0657", datePublished: "2019-03-06T00:00:00", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:51:27.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17156
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < publication cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:17.058Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T17:59:53.791Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17156", datePublished: "2020-12-09T23:36:59", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:17.058Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33139
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2025-01-01 01:43
Severity ?
EPSS score ?
Summary
Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.55 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33139", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-02T16:39:22.157046Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-02T16:39:30.480Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.55", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.16", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.27", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.22", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.8", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40702.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27554.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.3", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.55", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.16", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.27", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.22", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.8", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40702.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27554.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.3", versionStartIncluding: "17.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:39.771Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139", }, ], title: "Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33139", datePublished: "2023-06-13T23:25:55.404Z", dateReserved: "2023-05-17T21:16:44.896Z", dateUpdated: "2025-01-01T01:43:39.771Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0546
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106391 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio |
Version: 2017 version 15.9 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:26.821Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546", }, { name: "106391", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106391", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2017 version 15.9", }, ], }, ], datePublic: "2019-01-08T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-09T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546", }, { name: "106391", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106391", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0546", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2017 version 15.9", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546", }, { name: "106391", refsource: "BID", url: "http://www.securityfocus.com/bid/106391", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0546", datePublished: "2019-01-08T21:00:00", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:51:26.821Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8599
Vulnerability from cvelistv5
Published
2018-12-12 00:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106094 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio |
Version: 2015 Update 3 Version: 2017 Version: 2017 version 15.9 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:25.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599", }, { name: "106094", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106094", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, { status: "affected", version: "2017", }, { status: "affected", version: "2017 version 15.9", }, ], }, { product: "Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows 10", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "Version 1607 for 32-bit Systems", }, { status: "affected", version: "Version 1607 for x64-based Systems", }, { status: "affected", version: "Version 1703 for 32-bit Systems", }, { status: "affected", version: "Version 1703 for x64-based Systems", }, { status: "affected", version: "Version 1709 for 32-bit Systems", }, { status: "affected", version: "Version 1709 for ARM64-based Systems", }, { status: "affected", version: "Version 1709 for x64-based Systems", }, { status: "affected", version: "Version 1803 for 32-bit Systems", }, { status: "affected", version: "Version 1803 for ARM64-based Systems", }, { status: "affected", version: "Version 1803 for x64-based Systems", }, { status: "affected", version: "Version 1809 for 32-bit Systems", }, { status: "affected", version: "Version 1809 for ARM64-based Systems", }, { status: "affected", version: "Version 1809 for x64-based Systems", }, { status: "affected", version: "x64-based Systems", }, ], }, { product: "Windows 10 Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1709 (Server Core Installation)", }, { status: "affected", version: "version 1803 (Server Core Installation)", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability.\" This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-12T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599", }, { name: "106094", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106094", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8599", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, { version_value: "2017", }, { version_value: "2017 version 15.9", }, ], }, }, { product_name: "Windows Server 2019", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows Server 2016", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows 10", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "Version 1607 for 32-bit Systems", }, { version_value: "Version 1607 for x64-based Systems", }, { version_value: "Version 1703 for 32-bit Systems", }, { version_value: "Version 1703 for x64-based Systems", }, { version_value: "Version 1709 for 32-bit Systems", }, { version_value: "Version 1709 for ARM64-based Systems", }, { version_value: "Version 1709 for x64-based Systems", }, { version_value: "Version 1803 for 32-bit Systems", }, { version_value: "Version 1803 for ARM64-based Systems", }, { version_value: "Version 1803 for x64-based Systems", }, { version_value: "Version 1809 for 32-bit Systems", }, { version_value: "Version 1809 for ARM64-based Systems", }, { version_value: "Version 1809 for x64-based Systems", }, { version_value: "x64-based Systems", }, ], }, }, { product_name: "Windows 10 Servers", version: { version_data: [ { version_value: "version 1709 (Server Core Installation)", }, { version_value: "version 1803 (Server Core Installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability.\" This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599", }, { name: "106094", refsource: "BID", url: "http://www.securityfocus.com/bid/106094", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8599", datePublished: "2018-12-12T00:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T07:02:25.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1597
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | ASP.NET Core 2.1 |
Version: 2.0 < publication cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.725Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597", }, { name: "FEDORA-2020-cad5d17c6d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/", }, { name: "FEDORA-2020-9ddf1aa50b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.\nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.\n", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:24.159Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597", }, { name: "FEDORA-2020-cad5d17c6d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/", }, { name: "FEDORA-2020-9ddf1aa50b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/", }, ], title: "ASP.NET Core Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1597", datePublished: "2020-08-17T19:13:53", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35777
Vulnerability from cvelistv5
Published
2022-08-09 19:59
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.50 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:21.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:57.963Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35777", datePublished: "2022-08-09T19:59:23", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:57.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28299
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:05
Severity ?
EPSS score ?
Summary
Visual Studio Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.54 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:23.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.54", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.15", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.26", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.21", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.7", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.5", vendor: "Microsoft", versions: [ { lessThan: "17.5.4", status: "affected", version: "17.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.54", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.26", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:05:20.556Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299", }, ], title: "Visual Studio Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28299", datePublished: "2023-04-11T19:13:59.381Z", dateReserved: "2023-03-13T22:23:36.189Z", dateUpdated: "2025-01-23T01:05:20.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36792
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.57 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36792", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T14:00:38.974579Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T14:00:45.881Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2016", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2012", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows Server 2022", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.03", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for ARM64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019 (Server Core installation)", "Windows Server 2019", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2016", "Windows 10 Version 1607 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2012 R2", "Windows Server 2012", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.03", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:33.725Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36792", datePublished: "2023-09-12T16:58:40.779Z", dateReserved: "2023-06-27T15:11:59.871Z", dateUpdated: "2025-01-01T02:04:33.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28321
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 21:40
Severity ?
EPSS score ?
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Apr/40 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 1803 |
Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:14.051Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321", }, { name: "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1803", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:13.552Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321", }, { name: "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, ], title: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28321", datePublished: "2021-04-13T19:32:55", dateReserved: "2021-03-12T00:00:00", dateUpdated: "2024-08-03T21:40:14.051Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21566
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.13 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-21566", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T20:49:49.481846Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T20:49:58.715Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "CWE-73: External Control of File Name or Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:49.244Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21566", datePublished: "2023-02-14T20:09:08.856Z", dateReserved: "2022-12-01T14:00:11.204Z", dateUpdated: "2025-01-01T00:40:49.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1350
Vulnerability from cvelistv5
Published
2020-01-24 20:50
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350 | x_refsource_MISC | |
| https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202003-30 | vendor-advisory, x_refsource_GENTOO | |
| https://security.gentoo.org/glsa/202003-42 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) |
Version: unspecified |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "GLSA-202003-42", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-42", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "15.0", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-01T23:06:08", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", }, { tags: [ "x_refsource_MISC", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "GLSA-202003-42", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-42", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1350", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "15.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-30", }, { name: "GLSA-202003-42", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-42", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1350", datePublished: "2020-01-24T20:50:25", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.492Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26423
Vulnerability from cvelistv5
Published
2021-08-12 18:11
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.38 cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.161Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.38", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "16.4.25", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.18", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.10", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)", vendor: "Microsoft", versions: [ { lessThan: "16.10.5", status: "affected", version: "16.10.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Visual Studio 2019 for Mac version 8.10", vendor: "Microsoft", versions: [ { lessThan: "8.10.7", status: "affected", version: "8.1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "2.1.30", status: "affected", version: "2.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.18", status: "affected", version: "3.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.9", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "PowerShell Core 7.1", vendor: "Microsoft", versions: [ { lessThan: "7.1.4", status: "affected", version: "7.1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "PowerShell Core 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.7", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-08-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET Core and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:53:54.266Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423", }, ], title: ".NET Core and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26423", datePublished: "2021-08-12T18:11:31", dateReserved: "2021-01-29T00:00:00", dateUpdated: "2024-08-03T20:26:25.161Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1639
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 16:18
Severity ?
EPSS score ?
Summary
Visual Studio Code Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.8 |
Version: 16.0 < publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:10.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Visual Studio Code", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Code Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:16.842Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639", }, ], title: "Visual Studio Code Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1639", datePublished: "2021-02-25T23:01:24", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-08-03T16:18:10.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1113
Vulnerability from cvelistv5
Published
2019-07-29 14:09
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework 4.5.2 |
Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 R2 Version: Windows RT 8.1 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.789Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft .NET Framework 4.5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 4.6", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2017", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, { status: "affected", version: "16.1", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "1903", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016", }, { status: "affected", version: "Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016 (Server Core installation)", }, { status: "affected", version: "Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1703 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1803 (Server Core Installation)", }, ], }, { product: "Microsoft .NET Framework 3.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 2.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-29T14:09:42", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1113", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft .NET Framework 4.5.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6", version: { version_data: [ { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2017", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", version: { version_data: [ { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows RT 8.1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, { version_value: "16.1", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "1903", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5", version: { version_data: [ { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, { version_value: "Windows Server 2016", }, { version_value: "Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "Windows 10 Version 1607 for x64-based Systems", }, { version_value: "Windows Server 2016 (Server Core installation)", }, { version_value: "Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "Windows 10 Version 1703 for x64-based Systems", }, { version_value: "Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "Windows 10 Version 1709 for x64-based Systems", }, { version_value: "Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "Windows 10 Version 1803 for x64-based Systems", }, { version_value: "Windows Server, version 1803 (Server Core Installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 3.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 2.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5.1", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1113", datePublished: "2019-07-29T14:09:42", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.789Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41119
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.10 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41119", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T20:17:21.236549Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-07T13:57:30.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.10", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.51", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.21", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.3", vendor: "Microsoft", versions: [ { lessThan: "17.3.7", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.16", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.10", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.51", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.21", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.3.7", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.16", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:56.482Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41119", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:56.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43603
Vulnerability from cvelistv5
Published
2024-10-08 17:36
Modified
2025-01-29 23:51
Severity ?
EPSS score ?
Summary
Visual Studio Collector Service Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.11 |
Version: 17.11 < 17.11.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43603", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:35:39.922024Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T19:27:12.025Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.11", vendor: "Microsoft", versions: [ { lessThan: "17.11.5", status: "affected", version: "17.11", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.67", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.41", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.20", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.15", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.8", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27561.00", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.11.5", versionStartIncluding: "17.11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.67", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.41", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.20", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.15", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.8", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27561.00", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Collector Service Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:51:01.997Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Collector Service Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603", }, ], title: "Visual Studio Collector Service Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43603", datePublished: "2024-10-08T17:36:17.098Z", dateReserved: "2024-08-14T01:08:33.551Z", dateUpdated: "2025-01-29T23:51:01.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0613
Vulnerability from cvelistv5
Published
2019-03-06 00:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106872 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework 4.5.2 |
Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 R2 Version: Windows RT 8.1 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:27.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106872", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106872", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft .NET Framework 4.5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 4.6", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2017", }, ], }, { product: "Microsoft .NET Framework 4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1803 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "Windows 10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1809 for x64-based Systems", }, { status: "affected", version: "Windows Server 2019", }, { status: "affected", version: "Windows Server 2019 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2016", }, { status: "affected", version: "Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1703 for x64-based Systems", }, ], }, { product: "Microsoft .NET Framework 4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1709 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, ], }, { product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016", }, { status: "affected", version: "Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016 (Server Core installation)", }, { status: "affected", version: "Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1703 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1709 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1803 (Server Core Installation)", }, { status: "affected", version: "Windows 10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "Windows 10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1809 for x64-based Systems", }, { status: "affected", version: "Windows Server 2019", }, { status: "affected", version: "Windows Server 2019 (Server Core installation)", }, { status: "affected", version: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Microsoft .NET Framework 3.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 2.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, ], datePublic: "2019-03-05T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-06T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "106872", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106872", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0613", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft .NET Framework 4.5.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6", version: { version_data: [ { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2017", }, ], }, }, { product_name: "Microsoft .NET Framework 4.7.2", version: { version_data: [ { version_value: "Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "Windows 10 Version 1803 for x64-based Systems", }, { version_value: "Windows Server, version 1803 (Server Core Installation)", }, { version_value: "Windows 10 Version 1803 for ARM64-based Systems", }, { version_value: "Windows 10 Version 1809 for 32-bit Systems", }, { version_value: "Windows 10 Version 1809 for x64-based Systems", }, { version_value: "Windows Server 2019", }, { version_value: "Windows Server 2019 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", version: { version_data: [ { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows Server 2016", }, { version_value: "Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "Windows 10 Version 1607 for x64-based Systems", }, { version_value: "Windows Server 2016 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "Windows 10 Version 1703 for x64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "Windows 10 Version 1709 for x64-based Systems", }, { version_value: "Windows Server, version 1709 (Server Core Installation)", }, { version_value: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5", version: { version_data: [ { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, { version_value: "Windows Server 2016", }, { version_value: "Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "Windows 10 Version 1607 for x64-based Systems", }, { version_value: "Windows Server 2016 (Server Core installation)", }, { version_value: "Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "Windows 10 Version 1703 for x64-based Systems", }, { version_value: "Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "Windows 10 Version 1709 for x64-based Systems", }, { version_value: "Windows Server, version 1709 (Server Core Installation)", }, { version_value: "Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "Windows 10 Version 1803 for x64-based Systems", }, { version_value: "Windows Server, version 1803 (Server Core Installation)", }, { version_value: "Windows 10 Version 1803 for ARM64-based Systems", }, { version_value: "Windows 10 Version 1809 for 32-bit Systems", }, { version_value: "Windows 10 Version 1809 for x64-based Systems", }, { version_value: "Windows Server 2019", }, { version_value: "Windows Server 2019 (Server Core installation)", }, { version_value: "Windows 10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 3.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 2.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5.1", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "106872", refsource: "BID", url: "http://www.securityfocus.com/bid/106872", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0613", datePublished: "2019-03-06T00:00:00", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:51:27.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1203
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:22", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1203", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1203", datePublished: "2020-06-09T19:43:23", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42319
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.41 cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.244Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.41", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.21", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.13", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.6", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:47:45.942Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42319", datePublished: "2021-11-10T00:47:41", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1278
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 2004 for x64-based Systems |
Version: unspecified |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.791Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:50", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1278", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1278", datePublished: "2020-06-09T19:43:50", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36793
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.57 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36793", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T15:20:19.558478Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:25:44.719Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2016", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 R2", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.03", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019 (Server Core installation)", "Windows Server 2019", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.02", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 22H2 for ARM64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.03", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.02", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:33.186Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36793", datePublished: "2023-09-12T16:58:40.256Z", dateReserved: "2023-06-27T15:11:59.872Z", dateUpdated: "2025-01-01T02:04:33.186Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1211
Vulnerability from cvelistv5
Published
2019-08-14 20:55
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user.
To exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. The attacker would then need to convince another user on the system to execute specific Git commands.
The update addresses the issue by changing the permissions required to edit configuration files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 |
Version: 15.0 < publication cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:29.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, ], datePublic: "2019-08-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user.\nTo exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. The attacker would then need to convince another user on the system to execute specific Git commands.\nThe update addresses the issue by changing the permissions required to edit configuration files.\n", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:51:07.566Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211", }, ], title: "Git for Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1211", datePublished: "2019-08-14T20:55:05", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:29.223Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36796
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Version: 17.6.0 < 17.6.9 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T18:14:53.378773Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:25:47.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.624Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.7.6", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40707.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27559.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.03", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2016", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022 (Server Core installation)", "Windows Server 2022", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for x64-based Systems", "Windows 10 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.7.6", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40707.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27559.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.03", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:32.188Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36796", datePublished: "2023-09-12T16:58:39.186Z", dateReserved: "2023-06-27T15:11:59.873Z", dateUpdated: "2025-01-01T02:04:32.188Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1721
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 16:18
Severity ?
EPSS score ?
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "PowerShell Core 7.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "7.1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "PowerShell Core 7.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "2.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "3.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: ".NET 5.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "5.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET Core and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:17.653Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", }, ], title: ".NET Core and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1721", datePublished: "2021-02-25T23:01:26", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-08-03T16:18:11.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0757
Vulnerability from cvelistv5
Published
2019-04-09 01:51
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:1259 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio |
Version: 2017 for Mac |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.044Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757", }, { name: "RHSA-2019:1259", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1259", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2017 for Mac", }, ], }, { product: ".NET Core SDK", vendor: "Microsoft", versions: [ { status: "affected", version: "1.1 on .NET Core 1.0", }, { status: "affected", version: "2.1.500 on .NET Core 2.1", }, { status: "affected", version: "2.2.100 on .NET Core 2.2", }, { status: "affected", version: "1.1 on .NET Core 1.1", }, ], }, { product: "Nuget", vendor: "Microsoft", versions: [ { status: "affected", version: "4.3.1", }, { status: "affected", version: "4.4.2", }, { status: "affected", version: "4.5.2", }, { status: "affected", version: "4.6.3", }, { status: "affected", version: "4.7.2", }, { status: "affected", version: "4.8.2", }, { status: "affected", version: "4.9.4", }, ], }, { product: "Mono Framework", vendor: "Microsoft", versions: [ { status: "affected", version: "5.18.0.223", }, { status: "affected", version: "5.20.0", }, ], }, ], datePublic: "2019-03-12T00:00:00", descriptions: [ { lang: "en", value: "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Tampering", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-22T12:06:04", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757", }, { name: "RHSA-2019:1259", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1259", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2017 for Mac", }, ], }, }, { product_name: ".NET Core SDK", version: { version_data: [ { version_value: "1.1 on .NET Core 1.0", }, { version_value: "2.1.500 on .NET Core 2.1", }, { version_value: "2.2.100 on .NET Core 2.2", }, { version_value: "1.1 on .NET Core 1.1", }, ], }, }, { product_name: "Nuget", version: { version_data: [ { version_value: "4.3.1", }, { version_value: "4.4.2", }, { version_value: "4.5.2", }, { version_value: "4.6.3", }, { version_value: "4.7.2", }, { version_value: "4.8.2", }, { version_value: "4.9.4", }, ], }, }, { product_name: "Mono Framework", version: { version_data: [ { version_value: "5.18.0.223", }, { version_value: "5.20.0", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Tampering", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757", }, { name: "RHSA-2019:1259", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1259", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0757", datePublished: "2019-04-09T01:51:25", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.044Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21172
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:24
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.69 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21172", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:36.041Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.69", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.43", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.22", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.17", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.10", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.24252.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 8.0", vendor: "Microsoft", versions: [ { lessThan: "8.0.12", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 9.0", vendor: "Microsoft", versions: [ { lessThan: "9.0.1", status: "affected", version: "9.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.69", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.43", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.24252.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "8.0.12", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "9.0.1", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:24:17.774Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172", }, ], title: ".NET and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21172", datePublished: "2025-01-14T18:04:38.469Z", dateReserved: "2024-12-05T21:43:30.760Z", dateUpdated: "2025-04-02T13:24:17.774Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1202
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:22", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1202", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1202", datePublished: "2020-06-09T19:43:22", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43590
Vulnerability from cvelistv5
Published
2024-10-08 17:36
Modified
2025-01-29 23:50
Severity ?
EPSS score ?
Summary
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Visual C++ Redistributable Installer |
Version: 10.0.0 < 14.40.33816 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43590", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:34:14.182011Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:34:32.825Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Visual C++ Redistributable Installer", vendor: "Microsoft", versions: [ { lessThan: "14.40.33816", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.67", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.41", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.20", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.15", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.8", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.11", vendor: "Microsoft", versions: [ { lessThan: "17.11.5", status: "affected", version: "17.11", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_c_plus_plus_redistributable_installer:*:*:*:*:*:*:*:*", versionEndExcluding: "14.40.33816", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.67", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.41", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.20", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.15", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.8", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.11.5", versionStartIncluding: "17.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:50:59.023Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590", }, ], title: "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43590", datePublished: "2024-10-08T17:36:14.169Z", dateReserved: "2024-08-14T01:08:33.548Z", dateUpdated: "2025-01-29T23:50:59.023Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1161
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) |
Version: unspecified |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.313Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.5", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "ASP.NET Core", vendor: "Microsoft", versions: [ { status: "affected", version: "3.1", }, ], }, ], descriptions: [ { lang: "en", value: "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:53:28", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.5", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "ASP.NET Core", version: { version_data: [ { version_value: "3.1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1161", datePublished: "2020-05-21T22:53:28", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1349
Vulnerability from cvelistv5
Published
2020-01-24 20:50
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349 | x_refsource_MISC | |
| https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2020:0228 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/202003-30 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) |
Version: unspecified |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.511Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "RHSA-2020:0228", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "15.0", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-01T23:06:04", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", }, { tags: [ "x_refsource_MISC", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "RHSA-2020:0228", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1349", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "15.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "RHSA-2020:0228", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { name: "GLSA-202003-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1349", datePublished: "2020-01-24T20:50:25", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.511Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1130
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>
<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 1803 |
Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1803", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", ], product: "Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1709", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1507", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1607", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:44.115Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130", }, ], title: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1130", datePublished: "2020-09-11T17:09:01", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.223Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35827
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35827", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T19:23:43.503677Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T19:25:36.725Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:57.317Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35827", datePublished: "2022-08-09T20:12:50", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:57.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1393
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:01.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:23", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1393", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1393", datePublished: "2020-07-14T22:54:23", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:32:01.367Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36794
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-01-01 02:04
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.57 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36794", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T15:55:22.038287Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-14T15:55:32.545Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.543Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.57", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.21", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.30", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.13", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.24", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.13", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.7", vendor: "Microsoft", versions: [ { lessThan: "17.6.9", status: "affected", version: "17.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2016 (Server Core installation)", "Windows Server 2016", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04667.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.05", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.6252", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09186.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04063.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for x64-based Systems", "Windows 10 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20162", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 3.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { lessThan: "3.0.30729.8957", status: "affected", version: "3.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.57", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.21", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.30", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.13", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.24", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.13", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.9", versionStartIncluding: "17.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04667.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.05", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.6252", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09186.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04063.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20162", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "3.0.30729.8957", versionStartIncluding: "3.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:32.641Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36794", datePublished: "2023-09-12T16:58:39.719Z", dateReserved: "2023-06-27T15:11:59.873Z", dateUpdated: "2025-01-01T02:04:32.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-36952
Vulnerability from cvelistv5
Published
2021-09-15 11:23
Modified
2024-08-04 01:09
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1076/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.39 cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:09:07.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1076/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.39", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "16.4.26", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.19", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-09-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:37:00.478Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1076/", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-36952", datePublished: "2021-09-15T11:23:30", dateReserved: "2021-07-19T00:00:00", dateUpdated: "2024-08-04T01:09:07.413Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29060
Vulnerability from cvelistv5
Published
2024-06-11 16:59
Modified
2024-12-31 19:37
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Version: 17.10 < 17.10.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29060", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T18:59:22.420493Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-11T18:59:37.398Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.658Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.2", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.63", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.37", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.20", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.16", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.11", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.2", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.63", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.37", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.20", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.16", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.11", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-06-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T19:37:44.081Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29060", datePublished: "2024-06-11T16:59:48.371Z", dateReserved: "2024-03-14T23:05:27.954Z", dateUpdated: "2024-12-31T19:37:44.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21567
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.13 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-21567", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T15:38:10.306172Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:19:47.290Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.094Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:49.777Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567", }, ], title: "Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21567", datePublished: "2023-02-14T20:09:09.644Z", dateReserved: "2022-12-01T14:00:11.204Z", dateUpdated: "2025-01-01T00:40:49.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1352
Vulnerability from cvelistv5
Published
2020-01-24 20:50
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352 | x_refsource_MISC | |
| https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2020:0228 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/202003-30 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) |
Version: unspecified |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.495Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "RHSA-2020:0228", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "15.0", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-01T23:06:06", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", }, { tags: [ "x_refsource_MISC", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "RHSA-2020:0228", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1352", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "15.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "RHSA-2020:0228", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { name: "GLSA-202003-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1352", datePublished: "2020-01-24T20:50:26", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.495Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0952
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2024-08-05 03:44
Severity ?
EPSS score ?
Summary
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105048 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/45244/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securitytracker.com/id/1041466 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Server 2016 |
Version: (Server Core installation) |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:11.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105048", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105048", }, { name: "45244", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45244/", }, { name: "1041466", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041466", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows 10", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "Version 1607 for 32-bit Systems", }, { status: "affected", version: "Version 1607 for x64-based Systems", }, { status: "affected", version: "Version 1703 for 32-bit Systems", }, { status: "affected", version: "Version 1703 for x64-based Systems", }, { status: "affected", version: "Version 1709 for 32-bit Systems", }, { status: "affected", version: "Version 1709 for x64-based Systems", }, { status: "affected", version: "Version 1803 for 32-bit Systems", }, { status: "affected", version: "Version 1803 for x64-based Systems", }, { status: "affected", version: "x64-based Systems", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, { status: "affected", version: "2017", }, { status: "affected", version: "2017 Version 15.8", }, ], }, { product: "Windows 10 Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1709 (Server Core Installation)", }, { status: "affected", version: "version 1803 (Server Core Installation)", }, ], }, ], datePublic: "2018-08-14T00:00:00", descriptions: [ { lang: "en", value: "An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka \"Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-24T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "105048", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105048", }, { name: "45244", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45244/", }, { name: "1041466", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041466", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-0952", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Server 2016", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows 10", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "Version 1607 for 32-bit Systems", }, { version_value: "Version 1607 for x64-based Systems", }, { version_value: "Version 1703 for 32-bit Systems", }, { version_value: "Version 1703 for x64-based Systems", }, { version_value: "Version 1709 for 32-bit Systems", }, { version_value: "Version 1709 for x64-based Systems", }, { version_value: "Version 1803 for 32-bit Systems", }, { version_value: "Version 1803 for x64-based Systems", }, { version_value: "x64-based Systems", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, { version_value: "2017", }, { version_value: "2017 Version 15.8", }, ], }, }, { product_name: "Windows 10 Servers", version: { version_data: [ { version_value: "version 1709 (Server Core Installation)", }, { version_value: "version 1803 (Server Core Installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka \"Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "105048", refsource: "BID", url: "http://www.securityfocus.com/bid/105048", }, { name: "45244", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45244/", }, { name: "1041466", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041466", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0952", datePublished: "2018-08-15T17:00:00", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-08-05T03:44:11.706Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1257
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 |
Version: 16.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.965Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:41", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1257", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1257", datePublished: "2020-06-09T19:43:41", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1232
Vulnerability from cvelistv5
Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio |
Version: 2015 Update 3 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:29.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, { status: "affected", version: "15.0", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, { status: "affected", version: "16.2", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:24:58", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1232", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Windows", version: { version_data: [ { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, { version_value: "15.0", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, { version_value: "16.2", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1232", datePublished: "2019-09-11T21:24:58", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:29.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1651
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 20H2 |
Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.009Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1803", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1607", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:03.178Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651", }, ], title: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1651", datePublished: "2021-01-12T19:42:03", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:03.178Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1037
Vulnerability from cvelistv5
Published
2018-04-12 01:00
Modified
2024-08-05 03:44
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040664 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103715 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio |
Version: 2010 Service Pack 1 Version: 2012 Update 5 Version: 2013 Update 5 Version: 2015 Update 3 Version: 2017 Version: 2017 Version 15.6.6 Version: 2017 Version 15.7 Preview |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:11.975Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040664", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040664", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037", }, { name: "103715", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103715", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 1", }, { status: "affected", version: "2012 Update 5", }, { status: "affected", version: "2013 Update 5", }, { status: "affected", version: "2015 Update 3", }, { status: "affected", version: "2017", }, { status: "affected", version: "2017 Version 15.6.6", }, { status: "affected", version: "2017 Version 15.7 Preview", }, ], }, ], datePublic: "2018-04-11T00:00:00", descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-12T09:57:02", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1040664", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040664", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037", }, { name: "103715", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103715", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-1037", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2010 Service Pack 1", }, { version_value: "2012 Update 5", }, { version_value: "2013 Update 5", }, { version_value: "2015 Update 3", }, { version_value: "2017", }, { version_value: "2017 Version 15.6.6", }, { version_value: "2017 Version 15.7 Preview", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "1040664", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040664", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037", }, { name: "103715", refsource: "BID", url: "http://www.securityfocus.com/bid/103715", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-1037", datePublished: "2018-04-12T01:00:00", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-08-05T03:44:11.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1133
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>
<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.292Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1803", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", ], product: "Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1709", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1507", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1607", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:44.638Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133", }, ], title: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1133", datePublished: "2020-09-11T17:09:01", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28313
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 21:40
Severity ?
EPSS score ?
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Apr/40 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 1803 |
Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:13.305Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313", }, { name: "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1803", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:09.441Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313", }, { name: "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, ], title: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28313", datePublished: "2021-04-13T19:32:49", dateReserved: "2021-03-12T00:00:00", dateUpdated: "2024-08-03T21:40:13.305Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-0884
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) |
Version: unspecified |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.533Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:53", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0884", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0884", datePublished: "2020-03-12T15:48:53", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.533Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1680
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 20H2 |
Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1803", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1507", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1607", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:17.305Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680", }, ], title: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1680", datePublished: "2021-01-12T19:42:21", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:17.305Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35825
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.50 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35825", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T19:55:18.625937Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T19:55:28.427Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:56.178Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35825", datePublished: "2022-08-09T20:12:22", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:56.178Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1147
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2025-02-04 19:34
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | x_refsource_MISC | |
| https://www.exploitalert.com/view-details.html?id=35992 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.exploitalert.com/view-details.html?id=35992", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1147", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:25:47.186130Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1147", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:34:41.282Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: ".NET Core", vendor: "Microsoft", versions: [ { status: "affected", version: "2.1", }, { status: "affected", version: "3.1", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "1903", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.6", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 2.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, { product: "Microsoft .NET Framework 4.5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-23T17:06:10.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.exploitalert.com/view-details.html?id=35992", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1147", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: ".NET Core", version: { version_data: [ { version_value: "2.1", }, { version_value: "3.1", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows RT 8.1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "1903", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6", version: { version_data: [ { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 2.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5", version: { version_data: [ { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5.1", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, }, { product_name: "Microsoft .NET Framework 4.5.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147", }, { name: "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html", }, { name: "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, { name: "https://www.exploitalert.com/view-details.html?id=35992", refsource: "MISC", url: "https://www.exploitalert.com/view-details.html?id=35992", }, { name: "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1147", datePublished: "2020-07-14T22:54:00.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-04T19:34:41.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17100
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:51
Severity ?
EPSS score ?
Summary
Visual Studio Tampering Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < publication cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.331Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Tampering Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Tampering", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:51:23.251Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100", }, ], title: "Visual Studio Tampering Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17100", datePublished: "2020-11-11T06:48:35", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:51:23.251Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20656
Vulnerability from cvelistv5
Published
2024-01-09 17:57
Modified
2024-12-31 18:39
Severity ?
EPSS score ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.59 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20656", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-30T18:27:10.585358Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T20:58:39.220Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:59:42.344Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.59", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27560.00", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.59", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27560.00", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-01-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T18:39:40.313Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656", }, ], title: "Visual Studio Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-20656", datePublished: "2024-01-09T17:57:01.850Z", dateReserved: "2023-11-28T22:58:12.114Z", dateUpdated: "2024-12-31T18:39:40.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27064
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-11-19 16:27
Severity ?
EPSS score ?
Summary
Visual Studio Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < publication cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-27064", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T16:27:41.252755Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T16:27:50.268Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Installer Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:51.866Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064", }, ], title: "Visual Studio Installer Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27064", datePublished: "2021-04-13T19:32:36", dateReserved: "2021-02-10T00:00:00", dateUpdated: "2024-11-19T16:27:50.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36897
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-01-01 01:59
Severity ?
EPSS score ?
Summary
Visual Studio Tools for Office Runtime Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36897", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T18:55:48.486878Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-11T18:58:02.478Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.56", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.18", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.29", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.10", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.6", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Visual Studio 2010 Tools for Office Runtime", vendor: "Microsoft", versions: [ { lessThan: "10.0.60910", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.56", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.18", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.29", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.10", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.6", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.60910", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:12.128Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897", }, ], title: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36897", datePublished: "2023-08-08T17:08:53.174Z", dateReserved: "2023-06-27T20:28:49.988Z", dateUpdated: "2025-01-01T01:59:12.128Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21871
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21871 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 1809 |
Version: 10.0.17763.0 < 10.0.17763.2452 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.400Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21871", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2452", status: "affected", version: "10.0.17763.0", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2452", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2452", status: "affected", version: "10.0.17763.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2452", status: "affected", version: "10.0.17763.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "10.0.18363.2037", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "ARM64-based Systems", "32-bit Systems", ], product: "Windows 10 Version 21H1", vendor: "Microsoft", versions: [ { lessThan: "10.0.19043.1466", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Windows Server 2022", vendor: "Microsoft", versions: [ { lessThan: "10.0.20348.469", status: "affected", version: "10.0.20348.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.19042.1466", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.19042.1466", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "ARM64-based Systems", ], product: "Windows 11 version 21H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.22000.434", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 21H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.19043.1466", status: "affected", version: "10.0.19043.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1507", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19177", status: "affected", version: "10.0.10240.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1607", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4886", status: "affected", version: "10.0.14393.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Windows Server 2016", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4886", status: "affected", version: "10.0.14393.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4886", status: "affected", version: "10.0.14393.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.44", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.25", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.17", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "27551.00", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", versionEndExcluding: "10.0.17763.2452", versionStartIncluding: "10.0.17763.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", versionEndExcluding: "10.0.17763.2452", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.17763.2452", versionStartIncluding: "10.0.17763.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.17763.2452", versionStartIncluding: "10.0.17763.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", versionEndExcluding: "10.0.18363.2037", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21H1:*:*:*:*:*:*:x64:*", versionEndExcluding: "10.0.19043.1466", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.20348.469", versionStartIncluding: "10.0.20348.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*", versionEndExcluding: "10.0.19042.1466", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.19042.1466", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*", versionEndExcluding: "10.0.22000.434", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*", versionEndExcluding: "10.0.19043.1466", versionStartIncluding: "10.0.19043.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", versionEndExcluding: "10.0.10240.19177", versionStartIncluding: "10.0.10240.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", versionEndExcluding: "10.0.14393.4886", versionStartIncluding: "10.0.14393.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.4886", versionStartIncluding: "10.0.14393.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.4886", versionStartIncluding: "10.0.14393.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.44", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.7.25", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.17", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "27551.00", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:22.488Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21871", }, ], title: "Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21871", datePublished: "2022-01-11T20:22:40", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:22.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24767
Vulnerability from cvelistv5
Published
2022-04-12 17:51
Modified
2024-10-01 14:53
Severity ?
EPSS score ?
Summary
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: unspecified |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-24767", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-31T15:23:28.548160Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427 Uncontrolled Search Path Element", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T14:53:40.641Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2022 version 17.1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-15T19:58:54", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-24767", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2022 version 17.1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2022 version 17.0", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24767", datePublished: "2022-04-12T17:51:04", dateReserved: "2022-02-10T00:00:00", dateUpdated: "2024-10-01T14:53:40.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-0899
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.5 |
Version: unspecified |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.489Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2019 version 16.5", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:44", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0899", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2019 version 16.5", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0899", datePublished: "2020-04-15T15:12:44", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-0900
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.5 |
Version: unspecified |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2019 version 16.5", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:44", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0900", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2019 version 16.5", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0900", datePublished: "2020-04-15T15:12:44", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.628Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1354
Vulnerability from cvelistv5
Published
2020-01-24 20:50
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354 | x_refsource_MISC | |
| https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202003-30 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) |
Version: unspecified |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.502Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "15.0", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-01T23:06:07", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", }, { tags: [ "x_refsource_MISC", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1354", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "15.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1354", datePublished: "2020-01-24T20:50:26", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23381
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.24 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-23381", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T17:49:25.568186Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T17:49:29.460Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.951Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:21.901Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-23381", datePublished: "2023-02-14T20:09:59.470Z", dateReserved: "2023-01-11T22:08:03.134Z", dateUpdated: "2025-01-01T00:41:21.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42277
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1306/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 1809 |
Version: 10.0.0 < 10.0.17763.2300 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:37.813Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2300", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2300", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "10.0.17763.2300", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "10.0.18363.1916", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*", ], platforms: [ "x64-based Systems", "ARM64-based Systems", "32-bit Systems", ], product: "Windows 10 Version 21H1", vendor: "Microsoft", versions: [ { lessThan: "10.0.19043.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2022", vendor: "Microsoft", versions: [ { lessThan: "10.0.20348.350", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "10.0.19041.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "10.0.19041.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.19042.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19041.1348:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.19041.1348", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*", ], platforms: [ "x64-based Systems", "ARM64-based Systems", ], product: "Windows 11 version 21H2", vendor: "Microsoft", versions: [ { lessThan: "10.0.22000.318", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1507", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19119", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Windows 10 Version 1607", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4770", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4770", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.4770", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.41", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.21", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.13", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.6", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "27550.00", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:47:57.294Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/", }, ], title: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42277", datePublished: "2021-11-10T00:47:02", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:37.813Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8232
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041271 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104640 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio |
Version: 2017 Version: 2017 Version 15.7.5 Version: 2017 Version 15.8 Preview |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.840Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041271", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041271", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232", }, { name: "104640", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104640", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2017", }, { status: "affected", version: "2017 Version 15.7.5", }, { status: "affected", version: "2017 Version 15.8 Preview", }, ], }, ], datePublic: "2018-07-10T00:00:00", descriptions: [ { lang: "en", value: "A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka \"Microsoft Macro Assembler Tampering Vulnerability.\" This affects Microsoft Visual Studio.", }, ], problemTypes: [ { descriptions: [ { description: "Tampering", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1041271", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041271", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232", }, { name: "104640", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104640", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8232", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2017", }, { version_value: "2017 Version 15.7.5", }, { version_value: "2017 Version 15.8 Preview", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka \"Microsoft Macro Assembler Tampering Vulnerability.\" This affects Microsoft Visual Studio.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Tampering", }, ], }, ], }, references: { reference_data: [ { name: "1041271", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041271", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232", }, { name: "104640", refsource: "BID", url: "http://www.securityfocus.com/bid/104640", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8232", datePublished: "2018-07-11T00:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.840Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0809
Vulnerability from cvelistv5
Published
2019-04-09 02:30
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2017 |
Version: version 15.9 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, ], }, ], datePublic: "2019-03-12T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-09T02:30:49", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0809", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0809", datePublished: "2019-04-09T02:30:49", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1077
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 |
Version: version 15.9 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.670Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, { status: "affected", version: "16.1", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-15T18:56:20", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1077", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, { version_value: "16.1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1077", datePublished: "2019-07-15T18:56:20", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-0793
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:01.891Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:17", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0793", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0793", datePublished: "2020-03-12T15:48:17", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:01.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28296
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:05
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.54 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:24.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.54", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.15", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.26", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.21", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.7", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.5", vendor: "Microsoft", versions: [ { lessThan: "17.5.4", status: "affected", version: "17.5.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.54", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.26", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:05:20.136Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28296", datePublished: "2023-04-11T19:13:58.852Z", dateReserved: "2023-03-13T22:23:36.188Z", dateUpdated: "2025-01-23T01:05:20.136Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29148
Vulnerability from cvelistv5
Published
2022-05-10 20:34
Modified
2025-01-02 18:58
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29148 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.48 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29148", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.48", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.48", versionStartIncluding: "15.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:58:20.375Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29148", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-29148", datePublished: "2022-05-10T20:34:57", dateReserved: "2022-04-12T00:00:00", dateUpdated: "2025-01-02T18:58:20.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8172
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041253 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104616 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio |
Version: 2010 Service Pack 1 Version: 2012 Update 5 Version: 2013 Update 5 Version: 2015 Update 3 Version: 2017 Version: 2017 Version 15.7.5 Version: 2017 Version 15.8 Preview |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.505Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041253", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041253", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172", }, { name: "104616", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104616", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 1", }, { status: "affected", version: "2012 Update 5", }, { status: "affected", version: "2013 Update 5", }, { status: "affected", version: "2015 Update 3", }, { status: "affected", version: "2017", }, { status: "affected", version: "2017 Version 15.7.5", }, { status: "affected", version: "2017 Version 15.8 Preview", }, ], }, { product: "Expression Blend 4", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 3", }, ], }, ], datePublic: "2018-07-10T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio, Expression Blend 4.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1041253", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041253", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172", }, { name: "104616", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104616", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8172", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2010 Service Pack 1", }, { version_value: "2012 Update 5", }, { version_value: "2013 Update 5", }, { version_value: "2015 Update 3", }, { version_value: "2017", }, { version_value: "2017 Version 15.7.5", }, { version_value: "2017 Version 15.8 Preview", }, ], }, }, { product_name: "Expression Blend 4", version: { version_data: [ { version_value: "Service Pack 3", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio, Expression Blend 4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "1041253", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041253", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172", }, { name: "104616", refsource: "BID", url: "http://www.securityfocus.com/bid/104616", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8172", datePublished: "2018-07-11T00:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1425
Vulnerability from cvelistv5
Published
2019-11-12 18:53
Modified
2024-08-04 18:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 |
Version: version 15.9 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:26.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, { status: "affected", version: "16.3", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-12T18:53:08", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1425", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, { version_value: "16.3", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1425", datePublished: "2019-11-12T18:53:08", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:20:26.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21815
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.52 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-21815", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T16:14:09.107938Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-14T16:14:19.107Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:51:51.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:03.370Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21815", datePublished: "2023-02-14T20:09:31.025Z", dateReserved: "2022-12-16T22:13:41.244Z", dateUpdated: "2025-01-01T00:41:03.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21808
Vulnerability from cvelistv5
Published
2023-02-14 20:09
Modified
2025-02-28 21:13
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.24 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21808", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:13.694036Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:13:45.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.24", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.19", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.52", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.5", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.13", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.3", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.14", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.10", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2022", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows 10 Version 20H2 for 32-bit Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows Server 2022 (Server Core installation)", "Windows Server 2019", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "10.0.04614.06", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.04038.03", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04614.08", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04614.05", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022 (Server Core installation)", "Windows Server 2022", "Windows 10 Version 20H2 for 32-bit Systems", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 22H2 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "10.0.09139.02", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04038.06", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19747", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.24", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.52", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.3", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.14", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.10", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.04614.06", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.04038.03", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04614.08", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04614.05", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.09139.02", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04038.06", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.19747", versionStartIncluding: "4.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:01.018Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808", }, ], title: ".NET and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21808", datePublished: "2023-02-14T20:09:27.030Z", dateReserved: "2022-12-16T22:13:41.241Z", dateUpdated: "2025-02-28T21:13:45.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35826
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.50 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.069Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T19:26:13.774576Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T19:26:26.305Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.50", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.24", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.18", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.13", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "11.0.61252.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40699.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27552.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.7", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.50", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.9.24", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.18", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.13", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "11.0.61252.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40699.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27552.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.7", versionStartIncluding: "17.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:56.811Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35826", datePublished: "2022-08-09T20:12:36", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-01-02T19:34:56.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21176
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.69 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21176", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:34.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.69", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.43", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.22", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.17", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.10", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.24252.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 8.0", vendor: "Microsoft", versions: [ { lessThan: "8.0.12", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 9.0", vendor: "Microsoft", versions: [ { lessThan: "9.0.1", status: "affected", version: "9.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows 11 Version 24H2 for ARM64-based Systems", "Windows 11 Version 24H2 for x64-based Systems", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows 11 Version 23H2 for x64-based Systems", "Windows Server 2022, 23H2 Edition (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.1.09294.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04775.01", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04775.01", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04126.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.7699", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04126.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04126.01", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 4.6/4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.20890", status: "affected", version: "10.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.69", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.43", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.24252.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "8.0.12", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "9.0.1", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.1.09294.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04775.01", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04775.01", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04126.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.7699", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04126.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04126.01", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.20890", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-126", description: "CWE-126: Buffer Over-read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:36.901Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176", }, ], title: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21176", datePublished: "2025-01-14T18:04:00.852Z", dateReserved: "2024-12-05T21:43:30.761Z", dateUpdated: "2025-04-02T13:23:36.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26870
Vulnerability from cvelistv5
Published
2020-10-07 15:50
Modified
2024-08-04 16:03
Severity ?
EPSS score ?
Summary
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
References
| ▼ | URL | Tags |
|---|---|---|
| https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ | x_refsource_MISC | |
| https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d | x_refsource_MISC | |
| https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html | mailing-list, x_refsource_MLIST | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870 | vendor-advisory, x_refsource_MS | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:03:22.865Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17", }, { name: "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html", }, { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T22:54:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17", }, { name: "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html", }, { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-26870", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/", refsource: "MISC", url: "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/", }, { name: "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d", refsource: "MISC", url: "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d", }, { name: "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17", refsource: "MISC", url: "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17", }, { name: "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html", }, { name: "Visual Studio Remote Code Execution Vulnerability", refsource: "MS", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-26870", datePublished: "2020-10-07T15:50:09", dateReserved: "2020-10-07T00:00:00", dateUpdated: "2024-08-04T16:03:22.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24897
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.55 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-24897", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T19:43:18.398305Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T19:43:32.943Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.55", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.16", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.27", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.0", vendor: "Microsoft", versions: [ { lessThan: "17.0.22", status: "affected", version: "17.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.8", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "12.0.40700.0", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.27555.0", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.7", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.18", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.3", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "PowerShell 7.2", vendor: "Microsoft", versions: [ { lessThan: "7.2.12", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows Server 2019", "Windows 10 Version 1809 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.4644.0", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2012", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.4644.0", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.4050.0", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2016", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.14393.5989", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04043.0", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.9166.0", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04043.0", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 and 4.6.2", vendor: "Microsoft", versions: [ { lessThan: "10.0.10240.19983", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.55", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.16", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.27", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.0.22", versionStartIncluding: "17.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.8", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*", versionEndExcluding: "12.0.40700.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.27555.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.7", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.18", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.3", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.4644.0", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.4644.0", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.4050.0", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.14393.5989", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04043.0", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.9166.0", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04043.0", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "10.0.10240.19983", versionStartIncluding: "4.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:32.304Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897", }, ], title: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-24897", datePublished: "2023-06-14T14:52:10.089Z", dateReserved: "2023-01-31T20:32:35.472Z", dateUpdated: "2025-01-01T01:43:32.304Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-0810
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:02.014Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, { product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:25", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0810", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, { product_name: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0810", datePublished: "2020-03-12T15:48:25", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:02.014Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-16856
Vulnerability from cvelistv5
Published
2020-09-11 17:08
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>
<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2012 Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2013 Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>\n<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:01.879Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16856", datePublished: "2020-09-11T17:08:40", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28322
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 21:40
Severity ?
EPSS score ?
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Apr/40 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Version 1803 |
Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:14.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322", }, { name: "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1803", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1809", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", "ARM64-based Systems", ], product: "Windows 10 Version 1909", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", "x64-based Systems", ], product: "Windows 10 Version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 2004", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*", ], platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Windows 10 Version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Windows Server version 20H2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:14.048Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322", }, { name: "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, ], title: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28322", datePublished: "2021-04-13T19:32:56", dateReserved: "2021-03-12T00:00:00", dateUpdated: "2024-08-03T21:40:14.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0727
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio |
Version: 2015 Update 3 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:57.966Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Visual Studio", vendor: "Microsoft", versions: [ { status: "affected", version: "2015 Update 3", }, ], }, { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, ], }, { product: "Microsoft Visual Studio 2017", vendor: "Microsoft", versions: [ { status: "affected", version: "version 15.9", }, { status: "affected", version: "15.0", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Visual Studio 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "16.0", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:17:00", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0727", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Visual Studio", version: { version_data: [ { version_value: "2015 Update 3", }, ], }, }, { product_name: "Windows", version: { version_data: [ { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, ], }, }, { product_name: "Microsoft Visual Studio 2017", version: { version_data: [ { version_value: "version 15.9", }, { version_value: "15.0", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Visual Studio 2019", version: { version_data: [ { version_value: "16.0", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0727", datePublished: "2019-05-16T18:17:00", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:57.966Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21178
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:24
Severity ?
EPSS score ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.69 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21178", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:33.238Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.69", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.43", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.22", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.17", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.10", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2015 Update 3", vendor: "Microsoft", versions: [ { lessThan: "14.0.24252.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.12", vendor: "Microsoft", versions: [ { lessThan: "17.12.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.69", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.43", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*", versionEndExcluding: "14.0.24252.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.12.4", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Visual Studio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:24:37.080Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Visual Studio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178", }, ], title: "Visual Studio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21178", datePublished: "2025-01-14T18:04:01.376Z", dateReserved: "2024-12-05T21:43:30.761Z", dateUpdated: "2025-04-02T13:24:37.080Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>
<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "D24A94DC-945C-42E3-91FD-CB0B541D8C51", versionEndExcluding: "15.9.27", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "38E37F70-BFA4-40AF-AFB5-E0771CD1426E", versionEndExcluding: "16.4.13", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "774D798B-0012-4174-AB23-514260463404", versionEndExcluding: "16.7.3", versionStartIncluding: "16.5", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de archivos, también se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1130", }, ], id: "CVE-2020-1133", lastModified: "2024-11-21T05:09:48.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.090", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-12 00:29
Modified
2024-11-21 04:14
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106094 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106094 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1709 | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", matchCriteriaId: "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability.\" This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando el servicio Diagnostics Hub Standard Collector suplanta de forma inadecuada ciertas operaciones con archivos. Esto también se conoce como \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\". Esto afecta a Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10 y Windows 10 Servers.", }, ], id: "CVE-2018-8599", lastModified: "2024-11-21T04:14:06.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-12T00:29:00.840", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106094", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-273", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2024-11-21 04:54
Severity ?
Summary
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "80B7A8C1-9168-4467-8B96-5024C6639EFB", versionEndIncluding: "15.8", versionStartIncluding: "15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "7FE5FF31-110B-4518-A0B9-E94E2840B492", versionEndIncluding: "16.3", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de suplantación de identidad en Microsoft Visual Studio, ya que incluye una URL de respuesta que no está protegida por SSL, también se conoce como \"Microsoft Visual Studio Spoofing Vulnerability\".", }, ], id: "CVE-2020-0884", lastModified: "2024-11-21T04:54:23.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T16:15:20.453", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-24 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| secure@microsoft.com | https://security.gentoo.org/glsa/202003-30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-30 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "10449533-62C1-48C0-83DA-DE23AB348D78", versionEndExcluding: "15.9.18", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "82C0D6F5-7300-418C-8024-24741B226036", versionEndExcluding: "16.4.1", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota cuando Git para Visual Studio sanea inapropiadamente la entrada, también se conoce como \"Git for Visual Studio Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", }, ], id: "CVE-2019-1354", lastModified: "2024-11-21T04:36:32.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T21:15:12.987", references: [ { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", }, { source: "secure@microsoft.com", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "secure@microsoft.com", url: "https://security.gentoo.org/glsa/202003-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-30", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-15 19:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | * | |
| microsoft | windows_rt_8.1 | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | visual_studio_2017 | - | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2017 | 16.0 | |
| microsoft | visual_studio_2017 | 16.1 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:itanium:*", matchCriteriaId: "89205073-20C1-43C4-8A5F-412F94F1EDFE", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*", matchCriteriaId: "2B96C1AE-05F1-4178-93A3-9B2BA59ACA74", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "197E82CB-81AF-40F1-A55C-7B596891A783", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:16.0:*:*:*:*:*:*:*", matchCriteriaId: "746DAA4E-8ACE-4A14-B24B-F070A866D07D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:16.1:*:*:*:*:*:*:*", matchCriteriaId: "B78D1A85-616C-44F6-AA76-5EF83F7FC613", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en el programa .NET cuando el programa no puede comprobar el margen de la fuente de un archivo. Un atacante que explotó con éxito la vulnerabilidad podría ejecutar código arbitrario en el contexto del usuario actual, también se conoce como \".NET Framework Remote Code Execution Vulnerabilidad\".", }, ], id: "CVE-2019-1113", lastModified: "2024-11-21T04:36:02.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-15T19:15:20.047", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2019 | - | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | 15.0 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.0:*:*:*:*:*:*:*", matchCriteriaId: "08A58739-CD5F-45F6-BDA3-14069413B66D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.2:*:*:*:*:*:*:*", matchCriteriaId: "FE087F4D-F5FC-4286-B559-AE5C0E448D27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service suplanta inapropiadamente ciertas operaciones de archivo, también se conoce como \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2019-1232", lastModified: "2024-11-21T04:36:17.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:15.100", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2024-11-21 05:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1077/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1077/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "C9984FFB-8AFA-438F-B762-B98649B64B23", versionEndIncluding: "16.11", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Elevación de Privilegios en Visual Studio", }, ], id: "CVE-2021-26434", lastModified: "2024-11-21T05:56:22.743", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-09-15T12:15:09.150", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1077/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2025-02-11 17:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploitalert.com/view-details.html?id=35992 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploitalert.com/view-details.html?id=35992 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_core | 2.1 | |
| microsoft | .net_core | 3.1 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1709 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*", matchCriteriaId: "7B53B587-D639-45C0-AC33-90669934666A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB", versionEndIncluding: "16.6", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en .NET Framework, Microsoft SharePoint y Visual Studio cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como \".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability\"", }, ], id: "CVE-2020-1147", lastModified: "2025-02-11T17:02:45.797", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-07-14T23:15:12.057", references: [ { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.exploitalert.com/view-details.html?id=35992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.exploitalert.com/view-details.html?id=35992", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 21:15
Modified
2024-11-21 07:43
Severity ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "832BAB52-5118-4E00-955D-BF3716B288D0", versionEndExcluding: "15.9.52", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "821BE24D-9EEE-42FE-B4E7-5C682F6B34C4", versionEndExcluding: "16.11.24", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "5AA616AA-25E5-4943-A614-99FF6DFF260E", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "191993E5-B343-45A6-B485-F45F5D8E924D", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F16E4665-E579-4211-92C0-D8058F73A359", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Elevation of Privilege Vulnerability", }, ], id: "CVE-2023-21566", lastModified: "2024-11-21T07:43:05.923", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-02-14T21:15:10.847", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-73", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://seclists.org/fulldisclosure/2021/Apr/40 | Mailing List, Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Apr/40 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "57D7DA66-67F6-4B60-AF63-38C3C2C758AB", versionEndIncluding: "16.7", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "861B2F5D-4549-4186-BD88-A5180F4D83DF", versionEndIncluding: "16.9", versionStartIncluding: "16.8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", matchCriteriaId: "9E2C378B-1507-4C81-82F6-9F599616845A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de elevación de privilegios del Diagnostics Hub Standard Collector Service. Este ID de CVE es diferente de CVE-2021-28321, CVE-2021-28322", }, ], id: "CVE-2021-28313", lastModified: "2024-11-21T05:59:27.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-04-13T20:15:16.453", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, { source: "secure@microsoft.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-12 17:15
Modified
2024-11-21 08:10
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net | 6.0.0 | |
| microsoft | .net | 7.0.0 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "D4793BFB-2E4E-4067-87A5-4B8749025CA3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", matchCriteriaId: "61019899-D7AF-46E4-A72C-D189180F66AB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", matchCriteriaId: "1DE0C8DD-9C73-4876-8193-068F18074B58", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "482C808D-C0EB-479D-B8A2-D7B04DB4854F", versionEndExcluding: "15.9.57", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "40434953-906B-453E-9F4C-46BF0F693E06", versionEndExcluding: "16.11.30", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E7698BEE-8540-4F0C-A500-1393055B88F4", versionEndExcluding: "17.2.19", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8174DBE5-A4BB-4FA6-B921-B2E82B08DAC9", versionEndExcluding: "17.4.11", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E8241557-9AD7-42D9-AF07-4C7C1A19AB53", versionEndExcluding: "17.7.4", versionStartIncluding: "17.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Ejecución Remota de Código de Visual Studio", }, ], id: "CVE-2023-36793", lastModified: "2024-11-21T08:10:36.400", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-09-12T17:15:14.627", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:10
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Visual Studio Tools for Office Runtime Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | 365_apps | - | |
| microsoft | 365_apps | - | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office | 2021 | |
| microsoft | office | 2021 | |
| microsoft | visual_studio_2010_tools_for_office_runtime | - | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", matchCriteriaId: "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", matchCriteriaId: "CD25F492-9272-4836-832C-8439EBE64CCF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", matchCriteriaId: "CF5DDD09-902E-4881-98D0-CB896333B4AA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", matchCriteriaId: "26A3B226-5D7C-4556-9350-5222DC8EFC2C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*", matchCriteriaId: "1AC0C23F-FC55-4DA1-8527-EB4432038FB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*", matchCriteriaId: "A719B461-7869-46D0-9300-D0A348DC26A5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*", matchCriteriaId: "D162C421-065E-4A00-B5D0-FB3434A6A12D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "0979AC6C-A38A-4B79-9196-D721D066E64B", versionEndExcluding: "15.9.56", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "45EE88D6-0DF3-419E-B434-9039DE073B1A", versionEndExcluding: "16.11.29", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "E3B42567-B3FF-4101-A639-C2883F567CF2", versionEndExcluding: "17.2.18", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "4759CA52-CEA4-40C8-B1EF-F161DCFF0E78", versionEndExcluding: "17.4.10", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "FB465155-CEDD-48E5-8B58-AF49B8FAF504", versionEndExcluding: "17.6.6", versionStartIncluding: "17.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Tools for Office Runtime Spoofing Vulnerability", }, ], id: "CVE-2023-36897", lastModified: "2024-11-21T08:10:52.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-08T18:15:15.913", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-11 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104616 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041253 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104616 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041253 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | expression_blend | 2 | |
| microsoft | expression_blend | 3 | |
| microsoft | expression_blend | 4 | |
| microsoft | visual_studio | 2010 | |
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | - | |
| microsoft | visual_studio_2017 | 15.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:expression_blend:2:sp2:*:*:*:*:*:*", matchCriteriaId: "8854E4AC-9D27-4DD7-8F95-038DE041F310", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:expression_blend:3:sp1:*:*:*:*:*:*", matchCriteriaId: "BCD59FF3-A586-4DCD-90DC-B084C46AC459", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:expression_blend:4:sp3:*:*:*:*:*:*", matchCriteriaId: "E631F620-3093-469F-BEC9-D7EEAC424F89", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "4DD0F743-9881-4934-944A-982F994FC595", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", matchCriteriaId: "28CC44DA-DF23-400D-9299-7DF3EECD89E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", matchCriteriaId: "4A820094-4660-4CFA-BAF1-ED4DBF45AD46", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.7.5:*:*:*:*:*:*:*", matchCriteriaId: "F8018249-9F39-42A0-B17C-A3AF51D7D253", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio, Expression Blend 4.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en el software de Visual Studio cuando el software no comprueba el marcado de fuentes de un archivo para un proyecto sin implementar. Esto también se conoce como \"Visual Studio Remote Code Execution Vulnerability\". Esto afecta a Microsoft Visual Studio y Expression Blend 4.", }, ], id: "CVE-2018-8172", lastModified: "2024-11-21T04:13:23.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-11T00:29:00.367", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104616", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041253", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041253", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.9 | |
| microsoft | visual_studio_2019 | 16.11 | |
| microsoft | visual_studio_2022 | 17.0 | |
| microsoft | visual_studio_2022 | 17.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", matchCriteriaId: "28CC44DA-DF23-400D-9299-7DF3EECD89E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", matchCriteriaId: "4A820094-4660-4CFA-BAF1-ED4DBF45AD46", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", matchCriteriaId: "DF6CF9B0-D279-42CD-A84D-48327F44422D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:*", matchCriteriaId: "99E7DAC9-17EF-40D4-AEEC-C24970B7190F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", matchCriteriaId: "3393F97F-05CD-4B04-A6E1-3D914652C4E5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*", matchCriteriaId: "AB70FC91-06DB-4E92-9C0B-6FDE078F911B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35777, CVE-2022-35826, CVE-2022-35827", }, ], id: "CVE-2022-35825", lastModified: "2024-11-21T07:11:45.800", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-08-09T20:15:15.193", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-10 21:15
Modified
2025-01-02 19:16
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "87ACDBFB-99F3-4357-AF05-0871F68A1A03", versionEndExcluding: "15.9.48", versionStartIncluding: "15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Visual Studio", }, ], id: "CVE-2022-29148", lastModified: "2025-01-02T19:16:13.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-10T21:15:13.130", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29148", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29148", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2024-11-21 03:39
Severity ?
Summary
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105048 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041466 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/45244/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105048 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041466 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45244/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2015 | - | |
| microsoft | visual_studio_2017 | - | |
| microsoft | visual_studio_2017 | 15.8 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1709 | |
| microsoft | windows_server_2016 | 1803 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2015:-:update3:*:*:*:*:*:*", matchCriteriaId: "E8F4DFE9-4F4C-4658-AEFE-6C82367A1D62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.8:*:*:*:*:*:*:*", matchCriteriaId: "1146A295-C7BF-4036-9610-9DBC7C8D94AE", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", matchCriteriaId: "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka \"Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando Diagnostics Hub Standard Collector permite la creación de archivos en ubicaciones arbitrarias. Esto también se conoce como \"Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability\". Esto afecta a Windows Server 2016, Windows 10, Microsoft Visual Studio y Windows 10 Servers.", }, ], id: "CVE-2018-0952", lastModified: "2024-11-21T03:39:17.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-15T17:29:00.207", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105048", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041466", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45244/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45244/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2015 | update_3 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.4 | |
| microsoft | visual_studio_2019 | 16.5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2015:update_3:*:*:*:*:*:*:*", matchCriteriaId: "8C58C82C-6F98-47B2-8801-8D04D4C5CF7D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", matchCriteriaId: "E904F8BF-C415-43BC-89BD-8AD912BEA82A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.5.0:*:*:*:*:*:*:*", matchCriteriaId: "6CCC238C-4305-433B-BC0F-8C537C4A963C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Hay una vulnerabilidad de elevación de privilegios cuando el Visual Studio Extension Installer Service maneja inapropiadamente operaciones de archivos, también se conoce como \"Visual Studio Extension Installer Service Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2020-0900", lastModified: "2024-11-21T04:54:25.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:14.557", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-16 21:44
Severity ?
Summary
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "00680F8D-9858-4706-8888-4130E4CDA76B", versionEndExcluding: "15.9.67", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "1915924B-3EB6-4EF4-9DC8-31A98C858ADD", versionEndExcluding: "15.9.67", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "111ACA28-0E8E-4F6D-BE67-F2E0703BC33F", versionEndExcluding: "16.11.41", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "18D2A92E-FB5F-4892-A7EF-0DBD26281248", versionEndExcluding: "17.6.20", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "34609790-24EF-448C-8AED-9BF831D73629", versionEndExcluding: "17.8.15", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "480AA116-1C38-4778-A84D-321278AEC747", versionEndExcluding: "17.10.8", versionStartIncluding: "17.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "AD8D6C06-D7AB-4E82-AAD6-4240603B6AC6", versionEndExcluding: "17.11.5", versionStartIncluding: "17.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de elevación de privilegios en el instalador redistribuible de Visual C++", }, ], id: "CVE-2024-43590", lastModified: "2024-10-16T21:44:50.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-10-08T18:15:26.913", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 19:55
Severity ?
Summary
Visual Studio Collector Service Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "23634494-9964-4281-B202-0FABD7312448", versionEndExcluding: "15.9.67", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "D2021602-110C-4F29-A538-6B609C6FE5C0", versionEndExcluding: "16.11.41", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "18D2A92E-FB5F-4892-A7EF-0DBD26281248", versionEndExcluding: "17.6.20", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "34609790-24EF-448C-8AED-9BF831D73629", versionEndExcluding: "17.8.15", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "480AA116-1C38-4778-A84D-321278AEC747", versionEndExcluding: "17.10.8", versionStartIncluding: "17.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "AD8D6C06-D7AB-4E82-AAD6-4240603B6AC6", versionEndExcluding: "17.11.5", versionStartIncluding: "17.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Collector Service Denial of Service Vulnerability", }, { lang: "es", value: "Vulnerabilidad de denegación de servicio del servicio recopilador de Visual Studio", }, ], id: "CVE-2024-43603", lastModified: "2024-10-17T19:55:34.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-10-08T18:15:28.150", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://seclists.org/fulldisclosure/2021/Apr/40 | Mailing List, Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Apr/40 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "57D7DA66-67F6-4B60-AF63-38C3C2C758AB", versionEndIncluding: "16.7", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "861B2F5D-4549-4186-BD88-A5180F4D83DF", versionEndIncluding: "16.9", versionStartIncluding: "16.8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", matchCriteriaId: "9E2C378B-1507-4C81-82F6-9F599616845A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Elevación de Privilegios del Diagnostics Hub Standard Collector Service. Este ID de CVE es diferente de CVE-2021-28313, CVE-2021-28321", }, ], id: "CVE-2021-28322", lastModified: "2024-11-21T05:59:29.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-04-13T20:15:17.030", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, { source: "secure@microsoft.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-10 01:19
Modified
2024-11-21 06:27
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Visual Studio Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "C9984FFB-8AFA-438F-B762-B98649B64B23", versionEndIncluding: "16.11", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Elevación de Privilegios en Visual Studio", }, ], id: "CVE-2021-42319", lastModified: "2024-11-21T06:27:35.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-11-10T01:19:49.740", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42319", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://seclists.org/fulldisclosure/2021/Apr/40 | Mailing List, Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Apr/40 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "57D7DA66-67F6-4B60-AF63-38C3C2C758AB", versionEndIncluding: "16.7", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "861B2F5D-4549-4186-BD88-A5180F4D83DF", versionEndIncluding: "16.9", versionStartIncluding: "16.8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", matchCriteriaId: "9E2C378B-1507-4C81-82F6-9F599616845A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Elevación de Privilegios del Diagnostics Hub Standard Collector Service. Este ID de CVE es diferente de CVE-2021-28313, CVE-2021-28322", }, ], id: "CVE-2021-28321", lastModified: "2024-11-21T05:59:28.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-04-13T20:15:16.923", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, { source: "secure@microsoft.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-12 18:15
Modified
2024-11-21 06:51
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| git_for_windows_project | git_for_windows | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "ED09ED2B-246F-4521-AA68-6DD61DDAEC70", versionEndExcluding: "15.9.46", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "2A3B8509-5DF9-417D-A4C4-13AA04EE9688", versionEndExcluding: "16.7.27", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "D74FEFE9-B2D6-44A4-88F4-B82F25549905", versionEndExcluding: "16.9.19", versionStartIncluding: "16.8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "25D61E58-23F2-491F-A69D-325236D33F5F", versionEndExcluding: "16.11.12", versionStartIncluding: "16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8F014358-A908-4B23-A071-4F8A1F307AD0", versionEndExcluding: "17.0.8", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "2F2374A6-18AC-4856-8BD0-979F1BECC522", versionEndExcluding: "17.1.4", versionStartIncluding: "17.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*", matchCriteriaId: "2C4FF412-E806-4D42-AA6A-FE021BCD9829", versionEndExcluding: "2.35.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.", }, { lang: "es", value: "GitHub: El desinstalador de Git para Windows es vulnerable al secuestro de DLL cuando se ejecuta bajo la cuenta de usuario SYSTEM", }, ], id: "CVE-2022-24767", lastModified: "2024-11-21T06:51:03.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-04-12T18:15:09.510", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-427", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:42
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "2B35392C-DFB3-4AEE-AB3C-09CE3D2B7A7D", versionEndExcluding: "15.9.69", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:-:*:*", matchCriteriaId: "17DF3758-1A21-494C-B450-FC70FB246428", versionEndExcluding: "16.11.43", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "4C373831-8981-462F-8A57-9C71D1839052", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "9CA6DD18-569B-449D-82FF-4BE3A57E7150", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "EDA7CDF2-DB37-4C34-9D5F-E09B34B83B1A", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "4CDB41EA-38E1-4325-8DE7-27E187C1695B", versionEndExcluding: "17.12.4", versionStartIncluding: "17.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Visual Studio", }, ], id: "CVE-2025-21178", lastModified: "2025-01-27T18:42:39.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2025-01-14T18:15:30.847", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, { lang: "en", value: "CWE-125", }, ], source: "secure@microsoft.com", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>
<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "D24A94DC-945C-42E3-91FD-CB0B541D8C51", versionEndExcluding: "15.9.27", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "38E37F70-BFA4-40AF-AFB5-E0771CD1426E", versionEndExcluding: "16.4.13", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "774D798B-0012-4174-AB23-514260463404", versionEndExcluding: "16.7.3", versionStartIncluding: "16.5", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de datos, también se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1133", }, ], id: "CVE-2020-1130", lastModified: "2024-11-21T05:09:48.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.043", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-11 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104640 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041271 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104640 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041271 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | - | |
| microsoft | visual_studio_2017 | 15.7.5 | |
| microsoft | visual_studio_2017 | 15.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.7.5:*:*:*:*:*:*:*", matchCriteriaId: "F8018249-9F39-42A0-B17C-A3AF51D7D253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.8:*:*:*:*:*:*:*", matchCriteriaId: "1146A295-C7BF-4036-9610-9DBC7C8D94AE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka \"Microsoft Macro Assembler Tampering Vulnerability.\" This affects Microsoft Visual Studio.", }, { lang: "es", value: "Existe una vulnerabilidad de falsificación cuando Microsoft Macro Assembler valida código de forma incorrecta. Esto también se conoce como \"Microsoft Macro Assembler Tampering Vulnerability\". Esto afecta a Microsoft Visual Studio.", }, ], id: "CVE-2018-8232", lastModified: "2024-11-21T04:13:28.377", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-11T00:29:00.587", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104640", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041271", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041271", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-12 18:15
Modified
2024-11-21 05:56
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | * | |
| microsoft | .net_core | * | |
| microsoft | .net_core | * | |
| microsoft | powershell_core | * | |
| microsoft | powershell_core | * | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | 8.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "B85CD4C7-D84B-4C54-A604-FC852038A565", versionEndIncluding: "5.0.8", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "FB624437-CB1B-46A2-BF75-30035D99D2EF", versionEndIncluding: "2.1.28", versionStartIncluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "6F344BDC-2929-4CEA-8414-E4D07C1F76F0", versionEndIncluding: "3.1.17", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", matchCriteriaId: "BE4005F4-89BB-4597-9070-1137B4CEFC9B", versionEndExcluding: "7.0.7", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", matchCriteriaId: "40F33C0C-7AF0-4B48-828C-00534012D728", versionEndExcluding: "7.1.4", versionStartIncluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "26472C42-CDB4-4176-B10B-3BF26F5030E3", versionEndIncluding: "16.10", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*", matchCriteriaId: "BA547FFE-D557-4612-9840-EEE88ACF53AA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: ".NET Core and Visual Studio Denial of Service Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Denegación de Servicio en .NET Core y Visual Studio", }, ], id: "CVE-2021-26423", lastModified: "2024-11-21T05:56:21.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-08-12T18:15:08.537", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/ | ||
| secure@microsoft.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/ | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | asp.net_core | 2.1 | |
| microsoft | asp.net_core | 3.1 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", matchCriteriaId: "19C3047E-C222-4636-B1B3-722F2C65BC99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", matchCriteriaId: "5FE4072E-3226-435C-BC61-A775D3EF2822", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "754856ED-0708-4505-B3CC-C3CF1818DD59", versionEndIncluding: "15.8", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "7FE5FF31-110B-4518-A0B9-E94E2840B492", versionEndIncluding: "16.3", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "64BFBAC2-C362-457F-90A8-9E56C25694E6", versionEndIncluding: "16.6", versionStartIncluding: "16.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.\nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como \"ASP.NET Core Denial of Service Vulnerability\".", }, ], id: "CVE-2020-1597", lastModified: "2024-11-21T05:10:55.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-17T19:15:21.927", references: [ { source: "secure@microsoft.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/", }, { source: "secure@microsoft.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*", matchCriteriaId: "718C39FC-A564-4CE4-B88F-C9D7108764DF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "A73D1417-E2B9-4ECD-B637-46D22B21F229", versionEndExcluding: "15.9.25", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "F4F6E8E7-78B8-4F60-8C6F-18888607E55B", versionEndExcluding: "16.4.11", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "08D757E7-5BC3-4671-9A34-2AE4946FF86B", versionEndExcluding: "16.6.4", versionStartIncluding: "16.5.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando el Windows Diagnostics Hub Standard Collector Service presenta un fallo al sanear apropiadamente la entrada, lo que conlleva a un comportamiento de carga de biblioteca no seguro, también se conoce como \"Windows Diagnostics Hub Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1418", }, ], id: "CVE-2020-1393", lastModified: "2024-11-21T05:10:24.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:16.073", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-12 01:29
Modified
2024-11-21 03:59
Severity ?
Summary
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103715 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040664 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103715 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040664 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2010 | |
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio | 2017 | |
| microsoft | visual_studio_2017 | 15.6.6 | |
| microsoft | visual_studio_2017 | 15.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "4DD0F743-9881-4934-944A-982F994FC595", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update5:*:*:*:*:*:*", matchCriteriaId: "552ECB0E-21C4-4513-B410-6B91DB554FA8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update5:*:*:*:*:*:*", matchCriteriaId: "6D17A077-7D51-459B-8BC6-6F6DE055A714", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2017:*:*:*:*:*:*:*", matchCriteriaId: "E5DB2D78-534E-49B5-B460-41049F7238BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.6.6:*:*:*:*:*:*:*", matchCriteriaId: "F340A138-F4E2-438C-8FEE-BEE1408D09AD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.7:*:preview:*:*:*:*:*", matchCriteriaId: "0A7C2BD8-E17D-4B0D-846A-7A6B01F78BA9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio.", }, { lang: "es", value: "Existe una vulnerabilidad de divulgación de información cuando Visual Studio muestra incorrectamente contenidos limitados de memoria no inicializada cuando se compilan archivos PDB (Program Database). Esto también se conoce como \"Microsoft Visual Studio Information Disclosure Vulnerability\". Esto afecta a Microsoft Visual Studio.", }, ], id: "CVE-2018-1037", lastModified: "2024-11-21T03:59:02.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-12T01:29:10.423", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103715", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040664", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040664", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_storage_explorer | - | |
| microsoft | typescript | - | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_code | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:azure_storage_explorer:-:*:*:*:*:*:*:*", matchCriteriaId: "334D89E1-AD97-4FB3-A6F1-15DCCFDBE633", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:typescript:-:*:*:*:*:*:*:*", matchCriteriaId: "BA277009-E2BA-4587-A128-B3945124B804", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "A73D1417-E2B9-4ECD-B637-46D22B21F229", versionEndExcluding: "15.9.25", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "E94E13B1-8CE6-4B86-AB58-19FAB3F92E05", versionEndExcluding: "16.0.16", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "0646F955-A55C-4DA7-A73A-0A23B51FB47C", versionEndExcluding: "16.4.11", versionStartIncluding: "16.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "F639AE14-5A14-4CFC-B2AF-AC0B458F2F14", versionEndExcluding: "16.6.4", versionStartIncluding: "16.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*", matchCriteriaId: "39A9B2C7-91A5-4720-98E5-33A633E7EAB2", versionEndExcluding: "1.47.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios en Visual Studio y Visual Studio Code cuando cargan dependencias de software, también se conoce como \"Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'", }, ], id: "CVE-2020-1416", lastModified: "2024-11-21T05:10:27.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:17.760", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | 16.8 | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "8FAA2CA6-EE09-4822-8A44-DF69A4164CED", versionEndExcluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "6DBA7D99-6B58-4C62-B683-C9F91C82FEEA", versionEndExcluding: "16.4", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "7EF76B45-3EA0-4BD6-8799-888F0654D2AE", versionEndExcluding: "16.7", versionStartIncluding: "16.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.8:*:*:*:*:*:*:*", matchCriteriaId: "BBE9B863-01E5-486C-8B9D-6DC0F78222A7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", matchCriteriaId: "9E2C378B-1507-4C81-82F6-9F599616845A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Elevación de Privilegios del recopilador estándar de Diagnostics Hub. Este ID de CVE es diferente de CVE-2021-1680", }, ], id: "CVE-2021-1651", lastModified: "2024-11-21T05:44:48.867", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:30.963", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-12 17:15
Modified
2024-11-21 08:10
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net | 6.0.0 | |
| microsoft | .net | 7.0.0 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "D4793BFB-2E4E-4067-87A5-4B8749025CA3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", matchCriteriaId: "61019899-D7AF-46E4-A72C-D189180F66AB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", matchCriteriaId: "1DE0C8DD-9C73-4876-8193-068F18074B58", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "482C808D-C0EB-479D-B8A2-D7B04DB4854F", versionEndExcluding: "15.9.57", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "40434953-906B-453E-9F4C-46BF0F693E06", versionEndExcluding: "16.11.30", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E7698BEE-8540-4F0C-A500-1393055B88F4", versionEndExcluding: "17.2.19", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8174DBE5-A4BB-4FA6-B921-B2E82B08DAC9", versionEndExcluding: "17.4.11", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E8241557-9AD7-42D9-AF07-4C7C1A19AB53", versionEndExcluding: "17.7.4", versionStartIncluding: "17.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Ejecución Remota de Códigode Visual Studio", }, ], id: "CVE-2023-36792", lastModified: "2024-11-21T08:10:36.220", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-09-12T17:15:14.510", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-14 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user.
To exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. The attacker would then need to convince another user on the system to execute specific Git commands.
The update addresses the issue by changing the permissions required to edit configuration files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | - | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.2:*:*:*:*:*:*:*", matchCriteriaId: "FE087F4D-F5FC-4286-B559-AE5C0E448D27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user.\nTo exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. The attacker would then need to convince another user on the system to execute specific Git commands.\nThe update addresses the issue by changing the permissions required to edit configuration files.\n", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios en Git para Visual Studio, cuando analiza inapropiadamente los archivos de configuración, también se conoce como \"Git for Visual Studio Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2019-1211", lastModified: "2024-11-21T04:36:15.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.7, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 1.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-14T21:15:18.347", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-12 18:15
Modified
2024-11-21 06:10
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
.NET Core and Visual Studio Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | * | |
| microsoft | .net_core | * | |
| microsoft | .net_core | * | |
| microsoft | powershell_core | * | |
| microsoft | powershell_core | * | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "B85CD4C7-D84B-4C54-A604-FC852038A565", versionEndIncluding: "5.0.8", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "FB624437-CB1B-46A2-BF75-30035D99D2EF", versionEndIncluding: "2.1.28", versionStartIncluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "6F344BDC-2929-4CEA-8414-E4D07C1F76F0", versionEndIncluding: "3.1.17", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", matchCriteriaId: "BE4005F4-89BB-4597-9070-1137B4CEFC9B", versionEndExcluding: "7.0.7", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", matchCriteriaId: "40F33C0C-7AF0-4B48-828C-00534012D728", versionEndExcluding: "7.1.4", versionStartIncluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "26472C42-CDB4-4176-B10B-3BF26F5030E3", versionEndIncluding: "16.10", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: ".NET Core and Visual Studio Information Disclosure Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Divulgación de Información en .NET Core y Visual Studio", }, ], id: "CVE-2021-34485", lastModified: "2024-11-21T06:10:30.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-08-12T18:15:09.157", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | 17.0 | |
| microsoft | visual_studio_2022 | 17.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", matchCriteriaId: "28CC44DA-DF23-400D-9299-7DF3EECD89E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", matchCriteriaId: "4A820094-4660-4CFA-BAF1-ED4DBF45AD46", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "C9984FFB-8AFA-438F-B762-B98649B64B23", versionEndIncluding: "16.11", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", matchCriteriaId: "3393F97F-05CD-4B04-A6E1-3D914652C4E5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*", matchCriteriaId: "AB70FC91-06DB-4E92-9C0B-6FDE078F911B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35825, CVE-2022-35826, CVE-2022-35827", }, ], id: "CVE-2022-35777", lastModified: "2024-11-21T07:11:39.990", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-08-09T20:15:12.703", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 21:15
Modified
2024-11-21 07:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "832BAB52-5118-4E00-955D-BF3716B288D0", versionEndExcluding: "15.9.52", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "821BE24D-9EEE-42FE-B4E7-5C682F6B34C4", versionEndExcluding: "16.11.24", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "5AA616AA-25E5-4943-A614-99FF6DFF260E", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "191993E5-B343-45A6-B485-F45F5D8E924D", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F16E4665-E579-4211-92C0-D8058F73A359", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Visual Studio", }, ], id: "CVE-2023-21815", lastModified: "2024-11-21T07:43:42.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2023-02-14T21:15:11.990", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-09 22:15
Modified
2024-11-21 07:22
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | 17.0 | |
| microsoft | visual_studio_2022 | 17.2 | |
| microsoft | visual_studio_2022 | 17.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "C9984FFB-8AFA-438F-B762-B98649B64B23", versionEndIncluding: "16.11", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", matchCriteriaId: "3393F97F-05CD-4B04-A6E1-3D914652C4E5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*", matchCriteriaId: "AB70FC91-06DB-4E92-9C0B-6FDE078F911B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.3:*:*:*:*:*:*:*", matchCriteriaId: "6C0E9FAF-2CDC-42E4-B2BB-44E6136E3D22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Visual Studio", }, ], id: "CVE-2022-41119", lastModified: "2024-11-21T07:22:39.473", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-11-09T22:15:24.813", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Visual Studio Installer Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "0FEF0A4F-CB6E-4004-8DCE-723877109D7A", versionEndIncluding: "16.4", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "001A6F4F-13F6-440A-BD4B-21C91C5677E1", versionEndIncluding: "16.7", versionStartIncluding: "16.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "861B2F5D-4549-4186-BD88-A5180F4D83DF", versionEndIncluding: "16.9", versionStartIncluding: "16.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Installer Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Elevación de Privilegios de Visual Studio Installer", }, ], id: "CVE-2021-27064", lastModified: "2024-11-21T05:57:16.887", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-04-13T20:15:15.343", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-24 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| secure@microsoft.com | https://security.gentoo.org/glsa/202003-30 | ||
| secure@microsoft.com | https://security.gentoo.org/glsa/202003-42 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-42 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "10449533-62C1-48C0-83DA-DE23AB348D78", versionEndExcluding: "15.9.18", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "82C0D6F5-7300-418C-8024-24741B226036", versionEndExcluding: "16.4.1", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota cuando Git para Visual Studio sanea inapropiadamente la entrada, también se conoce como \"Git for Visual Studio Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, ], id: "CVE-2019-1350", lastModified: "2024-11-21T04:36:32.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T21:15:12.800", references: [ { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", }, { source: "secure@microsoft.com", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "secure@microsoft.com", url: "https://security.gentoo.org/glsa/202003-30", }, { source: "secure@microsoft.com", url: "https://security.gentoo.org/glsa/202003-42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-42", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2024-11-21 07:54
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "5DA31D6C-5369-40DC-99F8-90B997461BE6", versionEndExcluding: "15.9.54", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "D6B51259-1136-4B2D-8E02-76EF121FE9A9", versionEndExcluding: "16.11.26", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "06B7E408-A6EC-4556-A535-3F3340F314F7", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "16287ED1-84CC-42D7-888D-9F1C5278A93F", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "C0075BF4-95C0-491C-AA2C-A7013C47EFDA", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "B7D4F983-B988-419C-9C94-E567E94A179E", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, ], id: "CVE-2023-28296", lastModified: "2024-11-21T07:54:46.780", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-04-11T21:15:27.407", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-11 18:15
Modified
2025-02-28 16:12
Severity ?
Summary
Visual Studio Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "7148C3A7-9A70-4560-9A0C-94951B2C9B49", versionEndExcluding: "15.9.70", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "E672587A-4C0E-40F9-9417-0E9F91BC0361", versionEndExcluding: "16.11.44", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "6AD60982-A18A-446A-970E-212B3F351925", versionEndExcluding: "17.8.18", versionStartIncluding: "17.8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "950538A7-8681-497B-BB96-A040B9989362", versionEndExcluding: "17.10.11", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "B7F01478-80E9-4E46-AD9B-CC6D095347D3", versionEndExcluding: "17.12.5", versionStartIncluding: "17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Installer Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de elevación de privilegios en el instalador de Visual Studio", }, ], id: "CVE-2025-21206", lastModified: "2025-02-28T16:12:14.997", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2025-02-11T18:15:31.610", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-05 23:29
Modified
2024-11-21 04:16
Severity ?
Summary
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106872 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106872 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_server_2016 | 1709 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1703 | |
| microsoft | visual_studio_2017 | - | |
| microsoft | visual_studio_2017 | 15.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", matchCriteriaId: "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en el software de .NET Framework y en Visual Studio cuando el software no comprueba correctamente el marcado de origen de un archivo. Un atacante que consiguiera explotarla podría ejecutar código arbitrario en el contexto del usuario actual. Esto también se conoce como \".NET Framework and Visual Studio Remote Code Execution Vulnerability\".", }, ], id: "CVE-2019-0613", lastModified: "2024-11-21T04:16:57.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-05T23:29:00.927", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106872", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-08 21:29
Modified
2024-11-21 04:16
Severity ?
Summary
A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106391 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106391 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | 15.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en Visual Studio cuando el compilador C++ gestiona indebidamente combinaciones específicas de construcciones C++. Esta vulnerabilidad también se conoce como \"Visual Studio Remote Code Execution Vulnerability.\" Esto afecta a Microsoft Visual Studio.", }, ], id: "CVE-2019-0546", lastModified: "2024-11-21T04:16:49.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-08T21:29:00.613", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106391", }, { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106391", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2", versionEndIncluding: "16.8", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Visual Studio", }, ], id: "CVE-2020-17156", lastModified: "2024-11-21T05:07:55.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:16.543", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2024-11-21 04:54
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2019 | - | |
| microsoft | visual_studio_2015 | update_3 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2015:update_3:*:*:*:*:*:*:*", matchCriteriaId: "8C58C82C-6F98-47B2-8801-8D04D4C5CF7D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "D0B3CF5E-F740-4A66-8173-10FEE4DCD08D", versionEndIncluding: "15.9", versionStartIncluding: "15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "0FEF0A4F-CB6E-4004-8DCE-723877109D7A", versionEndIncluding: "16.4", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, también se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2020-0793", lastModified: "2024-11-21T04:54:13.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T16:15:15.487", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:10
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB", versionEndIncluding: "16.6", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, también se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1257, CVE-2020-1293", }, ], id: "CVE-2020-1278", lastModified: "2024-11-21T05:10:08.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-09T20:15:18.257", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:44
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Code Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_code | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2", versionEndIncluding: "16.8", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_code:-:*:*:*:*:*:*:*", matchCriteriaId: "8FF33086-D7CC-44D1-A347-9F3EB50F74A0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Code Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Visual Studio Code", }, ], id: "CVE-2021-1639", lastModified: "2024-11-21T05:44:47.297", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:13.053", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2024-11-21 06:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1076/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1076/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "57D7DA66-67F6-4B60-AF63-38C3C2C758AB", versionEndIncluding: "16.7", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota en Visual Studio", }, ], id: "CVE-2021-36952", lastModified: "2024-11-21T06:14:22.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-09-15T12:15:13.093", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1076/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1076/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.9 | |
| microsoft | visual_studio_2019 | 16.11 | |
| microsoft | visual_studio_2022 | 17.0 | |
| microsoft | visual_studio_2022 | 17.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", matchCriteriaId: "28CC44DA-DF23-400D-9299-7DF3EECD89E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", matchCriteriaId: "4A820094-4660-4CFA-BAF1-ED4DBF45AD46", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", matchCriteriaId: "DF6CF9B0-D279-42CD-A84D-48327F44422D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:*", matchCriteriaId: "99E7DAC9-17EF-40D4-AEEC-C24970B7190F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", matchCriteriaId: "3393F97F-05CD-4B04-A6E1-3D914652C4E5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*", matchCriteriaId: "AB70FC91-06DB-4E92-9C0B-6FDE078F911B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35777, CVE-2022-35825, CVE-2022-35826", }, ], id: "CVE-2022-35827", lastModified: "2024-11-21T07:11:46.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-08-09T20:15:15.307", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:10
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB", versionEndIncluding: "16.6", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, también se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1278, CVE-2020-1293", }, ], id: "CVE-2020-1257", lastModified: "2024-11-21T05:10:06.083", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-09T20:15:16.850", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.9 | |
| microsoft | visual_studio_2019 | 16.11 | |
| microsoft | visual_studio_2022 | 17.0 | |
| microsoft | visual_studio_2022 | 17.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", matchCriteriaId: "28CC44DA-DF23-400D-9299-7DF3EECD89E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", matchCriteriaId: "4A820094-4660-4CFA-BAF1-ED4DBF45AD46", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", matchCriteriaId: "DF6CF9B0-D279-42CD-A84D-48327F44422D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:*", matchCriteriaId: "99E7DAC9-17EF-40D4-AEEC-C24970B7190F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", matchCriteriaId: "3393F97F-05CD-4B04-A6E1-3D914652C4E5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*", matchCriteriaId: "AB70FC91-06DB-4E92-9C0B-6FDE078F911B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35777, CVE-2022-35825, CVE-2022-35827", }, ], id: "CVE-2022-35826", lastModified: "2024-11-21T07:11:45.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-08-09T20:15:15.250", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 02:29
Modified
2024-11-21 04:17
Severity ?
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://access.redhat.com/errata/RHSA-2019:1259 | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1259 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | - | |
| apple | macos | - | |
| microsoft | nuget | 4.3.1 | |
| microsoft | nuget | 4.4.2 | |
| microsoft | nuget | 4.5.2 | |
| microsoft | nuget | 4.6.3 | |
| microsoft | nuget | 4.7.2 | |
| microsoft | nuget | 4.8.2 | |
| microsoft | nuget | 4.9.4 | |
| mono-project | mono_framework | 5.18.0.223 | |
| mono-project | mono_framework | 5.20.0 | |
| microsoft | .net_core_sdk | 1.1 | |
| microsoft | .net_core | 1.0 | |
| microsoft | .net_core | 1.1 | |
| microsoft | .net_core_sdk | 2.1.500 | |
| microsoft | .net_core | 2.1 | |
| microsoft | .net_core_sdk | 2.2.100 | |
| microsoft | .net_core | 2.2 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3BBC3EE0-4087-41B2-A68E-547BC2E555B0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "A682279C-B149-4B8C-A77B-358734FEED04", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "1D679328-6D42-47AA-9442-39EDD7934AC8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*", matchCriteriaId: "1CEF9AC2-976B-4984-ACE7-7F1FFDC5DE4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "687F6CDF-90C8-4452-8EF4-2B7B2583D399", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*", matchCriteriaId: "CCA80AC0-B4F7-4318-B1DF-CC12C878B458", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*", matchCriteriaId: "C821DB95-80BF-4B94-8194-AAA286457FA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*", matchCriteriaId: "2A9C97DF-AF6E-4D4D-9A65-F4DA1E8B4F91", vulnerable: true, }, { criteria: "cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*", matchCriteriaId: "A56F0C3E-21CF-4887-B931-505E9F9BAE54", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*", matchCriteriaId: "F38B0049-4EF6-4EFB-AC6A-71B8A9FA6544", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9EDF760A-C775-457E-8091-586E56545B07", vulnerable: false, }, { criteria: "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", matchCriteriaId: "2F87DCF0-0552-4815-8148-C9894397C5EF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*", matchCriteriaId: "7BACCC0F-721B-4039-985D-EFAD2044996E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*", matchCriteriaId: "D8A3CDDB-8FF1-4CB0-BD4E-5BF78792D9CC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", matchCriteriaId: "A5AB75F9-B0FC-46B5-A863-0458696773DB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'.", }, ], id: "CVE-2019-0757", lastModified: "2024-11-21T04:17:13.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-09T02:29:00.600", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1259", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:07
Severity ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "AEA12D36-333A-4AD8-AECA-7FC85780EC03", versionEndExcluding: "15.9.63", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "DB2A31FC-2741-4500-8EA2-B67A1025402D", versionEndExcluding: "16.11.37", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "6993B949-BB1A-4341-85D4-CB79406A755E", versionEndExcluding: "17.4.20", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "7187D7EB-112B-4240-BB55-9443C4397263", versionEndExcluding: "17.6.16", versionStartIncluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "85BA04C4-11BD-4038-9B7C-93AE02FAF03C", versionEndExcluding: "17.8.11", versionStartIncluding: "17.8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "70C6E63C-4CF8-4A54-A07E-88FE56A9045B", versionEndExcluding: "17.10.2", versionStartIncluding: "17.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de elevación de privilegios en Visual Studio", }, ], id: "CVE-2024-29060", lastModified: "2024-11-21T09:07:28.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.5, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-06-11T17:15:51.383", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
.NET Core and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | * | |
| microsoft | .net_core | * | |
| microsoft | .net_core | * | |
| microsoft | powershell_core | 7.0 | |
| microsoft | powershell_core | 7.1 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "8797E7EA-A66B-4B9C-AA2A-DAB08A8A16DB", versionEndIncluding: "5.0.2", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "7C5D87DA-378D-4457-986B-8A0796ED00EB", versionEndIncluding: "2.1.24", versionStartIncluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "1B672ED7-CB65-4D0E-AD4B-4508C4FA8C92", versionEndIncluding: "3.1.11", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:7.0:*:*:*:*:*:*:*", matchCriteriaId: "6A812D8D-C6DA-473E-A604-988BCDA26CDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:7.1:*:*:*:*:*:*:*", matchCriteriaId: "AAFBD34E-F04C-4B1B-AFD4-0D926BC30609", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2", versionEndIncluding: "16.8", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: ".NET Core and Visual Studio Denial of Service Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Denegación de Servicio de .NET Core y Visual Studio", }, ], id: "CVE-2021-1721", lastModified: "2024-11-21T05:44:58.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:13.210", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-09 18:15
Modified
2024-11-21 08:52
Severity ?
Summary
Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "8A3FE761-3245-4763-9FC8-FA81B2AFC945", versionEndExcluding: "15.9.59", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "EEAEA929-9BCB-463F-BFD7-E56E9BEB8AB3", versionEndExcluding: "16.11.33", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "05D999A1-AB25-4642-8D94-07AD00FEE820", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "AE1C61FB-CC6B-4D88-8B7F-FFE9D1238A6C", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "7CA9C0A3-7D62-40CE-8493-514CB313F72C", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de elevación de privilegios en Visual Studio", }, ], id: "CVE-2024-20656", lastModified: "2024-11-21T08:52:51.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-01-09T18:15:48.490", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 21:15
Modified
2024-11-21 07:43
Severity ?
Summary
Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "832BAB52-5118-4E00-955D-BF3716B288D0", versionEndExcluding: "15.9.52", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "821BE24D-9EEE-42FE-B4E7-5C682F6B34C4", versionEndExcluding: "16.11.24", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "5AA616AA-25E5-4943-A614-99FF6DFF260E", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "191993E5-B343-45A6-B485-F45F5D8E924D", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F16E4665-E579-4211-92C0-D8058F73A359", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Denial of Service Vulnerability", }, ], id: "CVE-2023-21567", lastModified: "2024-11-21T07:43:06.047", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 4.2, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-02-14T21:15:11.157", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-12 19:15
Modified
2024-11-21 04:36
Severity ?
Summary
An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.3:*:*:*:*:*:*:*", matchCriteriaId: "CAFA5034-FD50-4DAB-B676-39FB188AC3EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando Visual Studio no es capaz de comprobar apropiadamente los enlaces físicos mientras extrae los archivos registrados, también se conoce como \"Visual Studio Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2019-1425", lastModified: "2024-11-21T04:36:40.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-12T19:15:14.503", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2024-11-21 07:54
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Visual Studio Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "5DA31D6C-5369-40DC-99F8-90B997461BE6", versionEndExcluding: "15.9.54", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "D6B51259-1136-4B2D-8E02-76EF121FE9A9", versionEndExcluding: "16.11.26", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "06B7E408-A6EC-4556-A535-3F3340F314F7", versionEndExcluding: "17.0.21", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "16287ED1-84CC-42D7-888D-9F1C5278A93F", versionEndExcluding: "17.2.15", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "C0075BF4-95C0-491C-AA2C-A7013C47EFDA", versionEndExcluding: "17.4.7", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*", matchCriteriaId: "B7D4F983-B988-419C-9C94-E567E94A179E", versionEndExcluding: "17.5.4", versionStartIncluding: "17.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Spoofing Vulnerability", }, ], id: "CVE-2023-28299", lastModified: "2024-11-21T07:54:47.197", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-11T21:15:27.663", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | 16.8 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "754856ED-0708-4505-B3CC-C3CF1818DD59", versionEndIncluding: "15.8", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "DB2C7A8D-85BA-4BA5-868B-AABEBCCBCDE5", versionEndIncluding: "16.7.0", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.8:*:*:*:*:*:*:*", matchCriteriaId: "BBE9B863-01E5-486C-8B9D-6DC0F78222A7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", matchCriteriaId: "9E2C378B-1507-4C81-82F6-9F599616845A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Elevación de Privilegios del Diagnostics Hub Standard Collector. Este ID de CVE es diferente de CVE-2021-1651", }, ], id: "CVE-2021-1680", lastModified: "2024-11-21T05:44:52.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:32.637", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-14 00:15
Modified
2024-11-21 08:04
Severity ?
Summary
Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update5:*:*:*:*:*:*", matchCriteriaId: "647EBBAA-C731-4954-A62C-2B1AAFB1061C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "AB877090-2FA4-4E6A-99D1-70375A3AD90E", versionEndExcluding: "15.8", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "979A6A3D-64F8-4099-A00D-16F5BAC2BD79", versionEndExcluding: "15.9.55", versionStartIncluding: "15.9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "26472C42-CDB4-4176-B10B-3BF26F5030E3", versionEndIncluding: "16.10", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "DFF8A760-E6E1-483D-A955-102A8D82B62C", versionEndExcluding: "16.11.27", versionStartIncluding: "16.11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1F98BC-0D82-4AEB-9E1E-D67325E99385", versionEndExcluding: "17.0.22", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "B6B0B496-BC41-4F9D-9A28-AE7664B5C77D", versionEndExcluding: "17.2.16", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "BC861E65-1682-4E99-8A7B-F4A31DDC0198", versionEndExcluding: "17.4.8", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "51DB90D6-C1C4-43B9-8B37-696CB361F37F", versionEndExcluding: "17.6.3", versionStartIncluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Information Disclosure Vulnerability", }, ], id: "CVE-2023-33139", lastModified: "2024-11-21T08:04:58.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-14T00:15:12.380", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-12 17:15
Modified
2024-11-21 08:10
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net | 6.0.0 | |
| microsoft | .net | 7.0.0 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "D4793BFB-2E4E-4067-87A5-4B8749025CA3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", matchCriteriaId: "61019899-D7AF-46E4-A72C-D189180F66AB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", matchCriteriaId: "1DE0C8DD-9C73-4876-8193-068F18074B58", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "482C808D-C0EB-479D-B8A2-D7B04DB4854F", versionEndExcluding: "15.9.57", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "40434953-906B-453E-9F4C-46BF0F693E06", versionEndExcluding: "16.11.30", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E7698BEE-8540-4F0C-A500-1393055B88F4", versionEndExcluding: "17.2.19", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8174DBE5-A4BB-4FA6-B921-B2E82B08DAC9", versionEndExcluding: "17.4.11", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E8241557-9AD7-42D9-AF07-4C7C1A19AB53", versionEndExcluding: "17.7.4", versionStartIncluding: "17.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Ejecución Remota de Código de Visual Studio", }, ], id: "CVE-2023-36796", lastModified: "2024-11-21T08:10:36.770", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-09-12T17:15:15.173", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | asp.net_core | 3.1 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", matchCriteriaId: "5FE4072E-3226-435C-BC61-A775D3EF2822", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "D0B3CF5E-F740-4A66-8173-10FEE4DCD08D", versionEndIncluding: "15.9", versionStartIncluding: "15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "6BF04E9A-C8B5-4E56-81DB-D22876E31161", versionEndIncluding: "16.5", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como \"ASP.NET Core Denial of Service Vulnerability\".", }, ], id: "CVE-2020-1161", lastModified: "2024-11-21T05:09:52.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:17.603", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-07 16:15
Modified
2024-11-21 05:20
Severity ?
Summary
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870 | Patch, Vendor Advisory | |
| cve@mitre.org | https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cure53 | dompurify | * | |
| debian | debian_linux | 9.0 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.4 | |
| microsoft | visual_studio_2019 | 16.7 | |
| microsoft | visual_studio_2019 | 16.8 | |
| oracle | application_express | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*", matchCriteriaId: "1912C4C9-2CB9-4FE6-99ED-B0D60F553977", versionEndExcluding: "2.0.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", matchCriteriaId: "E904F8BF-C415-43BC-89BD-8AD912BEA82A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:*", matchCriteriaId: "E47AD481-C23D-4610-B9BC-844F7B8F7A28", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.8:*:*:*:*:*:*:*", matchCriteriaId: "BBE9B863-01E5-486C-8B9D-6DC0F78222A7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", matchCriteriaId: "8F02ECEF-AC7D-4C4C-9A95-890D135F7286", versionEndExcluding: "21.1.0.00.01", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.", }, { lang: "es", value: "Cure53 DOMPurify versiones anteriores a 2.0.17, permite una mutación de XSS. Esto ocurre porque un viaje de ida y vuelta de análisis serializado no necesariamente devuelve el árbol DOM original, y un espacio de nombres puede cambiar de HTML a MathML, como es demostrado al anidar los elementos FORM", }, ], id: "CVE-2020-26870", lastModified: "2024-11-21T05:20:23.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-07T16:15:18.030", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>
<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", matchCriteriaId: "28CC44DA-DF23-400D-9299-7DF3EECD89E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", matchCriteriaId: "4A820094-4660-4CFA-BAF1-ED4DBF45AD46", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*", matchCriteriaId: "718C39FC-A564-4CE4-B88F-C9D7108764DF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "754856ED-0708-4505-B3CC-C3CF1818DD59", versionEndIncluding: "15.8", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "7FE5FF31-110B-4518-A0B9-E94E2840B492", versionEndIncluding: "16.3", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "64BFBAC2-C362-457F-90A8-9E56C25694E6", versionEndIncluding: "16.6", versionStartIncluding: "16.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>\n<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Visual Studio cuando maneja inapropiadamente objetos en la memoria, también se conoce como \"Visual Studio Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-16874", }, ], id: "CVE-2020-16856", lastModified: "2024-11-21T05:07:16.903", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:16.857", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 21:15
Modified
2024-11-21 07:43
Severity ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | 6.0.0 | |
| microsoft | .net | 7.0.0 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | 17.0 | |
| microsoft | visual_studio_2022 | 17.2 | |
| microsoft | visual_studio_2022 | 17.4 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_22h2 | * | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10_1507 | * | |
| microsoft | windows_10_1507 | * | |
| microsoft | windows_10_1511 | * | |
| microsoft | windows_10_1511 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1703 | * | |
| microsoft | windows_10_1703 | * | |
| microsoft | windows_10_1709 | * | |
| microsoft | windows_10_1709 | * | |
| microsoft | windows_10_1803 | * | |
| microsoft | windows_10_1803 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_1909 | * | |
| microsoft | windows_10_1909 | * | |
| microsoft | windows_10_2004 | * | |
| microsoft | windows_10_2004 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_21h1 | * | |
| microsoft | windows_10_21h1 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F6CE8612-0E01-406F-B5E7-8C7F5451E2FB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "604A3D22-3DC9-4AB2-9C23-FC41E19F5B57", versionEndExcluding: "15.9.51", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "821BE24D-9EEE-42FE-B4E7-5C682F6B34C4", versionEndExcluding: "16.11.24", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", matchCriteriaId: "3393F97F-05CD-4B04-A6E1-3D914652C4E5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*", matchCriteriaId: "AB70FC91-06DB-4E92-9C0B-6FDE078F911B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*", matchCriteriaId: "CF5EA902-2AC2-4027-802E-4C5CB8F180B1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", matchCriteriaId: "D00F295B-6ECF-43C4-BD71-98F835CCDB0D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", matchCriteriaId: "1648C361-E25C-42FE-8543-03DE56100201", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", matchCriteriaId: "4C3391B0-C6A6-4F6F-AC1B-AD0927C2C986", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", matchCriteriaId: "112871CE-B37B-454E-AC10-A285D92CCE0E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "E461193F-C65C-47D7-89B6-F1C68877E3CC", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "37833862-8FE6-4007-84F1-88ACF5242F12", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "7B844383-85F5-41FA-AE73-C6C6F80734E1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "3C3151EE-B690-4412-9520-5A0EDC0E91F4", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "758EC2EA-ED6B-490D-A4E5-FC26AC7A0753", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "0E1ED1CF-8CE9-4C98-9691-B249B1E6A8D7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "5F395D0A-8E6D-4365-BB41-75208225E83F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "7BC0589A-222D-4D94-92D2-77432F8EFA61", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "E3D0CEE5-45D9-4710-B170-A33A8D0D55CF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "39F5DAC9-ED40-4870-AA86-941B0E675728", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", matchCriteriaId: "D00F295B-6ECF-43C4-BD71-98F835CCDB0D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", matchCriteriaId: "1648C361-E25C-42FE-8543-03DE56100201", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", matchCriteriaId: "251E413C-68F6-43C6-975C-C0B6AD4D36DD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", matchCriteriaId: "4C3391B0-C6A6-4F6F-AC1B-AD0927C2C986", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", matchCriteriaId: "112871CE-B37B-454E-AC10-A285D92CCE0E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "5F395D0A-8E6D-4365-BB41-75208225E83F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", matchCriteriaId: "79AE85FA-1B04-4A31-B8EC-EFC0C40CE7A8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", matchCriteriaId: "E9DF76CF-2B8C-4548-98E4-7ED4DDBC5615", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1511:*:*:*:*:*:*:x64:*", matchCriteriaId: "24780C21-148C-4441-AE89-4A7F08AA579A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1511:*:*:*:*:*:*:x86:*", matchCriteriaId: "D6D9ED3A-90C6-4565-B2D4-6F8590B46708", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", matchCriteriaId: "D00F295B-6ECF-43C4-BD71-98F835CCDB0D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", matchCriteriaId: "1648C361-E25C-42FE-8543-03DE56100201", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:*:*:*:*:*:*:x64:*", matchCriteriaId: "5433DCD3-8F61-4733-8760-36A82FF0EEB2", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:*:*:*:*:*:*:x86:*", matchCriteriaId: "C3E5003B-A395-4F99-8A22-D6C493CED98C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:*:*:*:*:*:*:x64:*", matchCriteriaId: "BAE14E15-B7AB-475B-A62A-92F70ABA09EF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:*:*:*:*:*:*:x86:*", matchCriteriaId: "B19EA4C4-6A20-4E3F-B68C-ADCE2ECA98CF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*", matchCriteriaId: "07548CE8-7236-46B9-8D23-3FA31DABCC55", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x86:*", matchCriteriaId: "4C25DAD2-F251-40A7-9750-31D9865269C7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", matchCriteriaId: "4C3391B0-C6A6-4F6F-AC1B-AD0927C2C986", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", matchCriteriaId: "112871CE-B37B-454E-AC10-A285D92CCE0E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*", matchCriteriaId: "99BC1BAD-6690-4FA5-8543-BF22A6DB426A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", matchCriteriaId: "D52DA30B-90E6-40C0-B5D2-A6DBBA3CA536", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:x64:*", matchCriteriaId: "99546596-2062-40EF-9CA9-A89201FDFED0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:x86:*", matchCriteriaId: "0A41C44A-61EF-493D-BF3B-810B606B5F07", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "E461193F-C65C-47D7-89B6-F1C68877E3CC", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "37833862-8FE6-4007-84F1-88ACF5242F12", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*", matchCriteriaId: "19A82750-CB79-4834-823B-422F7FC5044F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*", matchCriteriaId: "1989CA28-A565-4083-9CCD-F0CADAB8D352", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "3C3151EE-B690-4412-9520-5A0EDC0E91F4", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "758EC2EA-ED6B-490D-A4E5-FC26AC7A0753", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "5F395D0A-8E6D-4365-BB41-75208225E83F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "7BC0589A-222D-4D94-92D2-77432F8EFA61", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", matchCriteriaId: "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "F8C79F37-B042-4C09-80EB-2E62DBE2E241", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "E461193F-C65C-47D7-89B6-F1C68877E3CC", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "37833862-8FE6-4007-84F1-88ACF5242F12", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "7B844383-85F5-41FA-AE73-C6C6F80734E1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "3C3151EE-B690-4412-9520-5A0EDC0E91F4", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "758EC2EA-ED6B-490D-A4E5-FC26AC7A0753", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "0E1ED1CF-8CE9-4C98-9691-B249B1E6A8D7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", matchCriteriaId: "7BC0589A-222D-4D94-92D2-77432F8EFA61", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "E3D0CEE5-45D9-4710-B170-A33A8D0D55CF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "39F5DAC9-ED40-4870-AA86-941B0E675728", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", matchCriteriaId: "216BE28A-ABCD-44B5-9689-770B9A62BD35", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", matchCriteriaId: "76AB4B84-CF32-4F18-8AC7-D41EDD3792B1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: ".NET and Visual Studio Remote Code Execution Vulnerability", }, ], id: "CVE-2023-21808", lastModified: "2024-11-21T07:43:41.657", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-02-14T21:15:11.730", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.4 | |
| microsoft | visual_studio_2019 | 16.5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", matchCriteriaId: "E904F8BF-C415-43BC-89BD-8AD912BEA82A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.5.0:*:*:*:*:*:*:*", matchCriteriaId: "6CCC238C-4305-433B-BC0F-8C537C4A963C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Hay una vulnerabilidad de elevación de privilegios cuando el servicio actualizador de Microsoft Visual Studio maneja inapropiadamente los permisos de archivo, también se conoce como \"Microsoft Visual Studio Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2020-0899", lastModified: "2024-11-21T04:54:25.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:14.403", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-14 15:15
Modified
2024-11-21 07:48
Severity ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10_1507 | - | |
| microsoft | windows_10_1507 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net | 6.0.0 | |
| microsoft | .net | 7.0.0 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", matchCriteriaId: "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", matchCriteriaId: "AB425562-C0A0-452E-AABE-F70522F15E1A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", matchCriteriaId: "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", matchCriteriaId: "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "8FC46499-DB6E-48BF-9334-85EE27AFE7AF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "83A79DD6-E74E-419F-93F1-323B68502633", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "61959ACC-B608-4556-92AF-4D94B338907A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "C230D3BF-7FCE-405C-B62E-B9190C995C3C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "0C3552E0-F793-4CDD-965D-457495475805", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "B2D24C54-F04F-4717-B614-FE67B3ED9DC0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "D5EC3F68-8F41-4F6B-B2E5-920322A4A321", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "8FC46499-DB6E-48BF-9334-85EE27AFE7AF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "83A79DD6-E74E-419F-93F1-323B68502633", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "61959ACC-B608-4556-92AF-4D94B338907A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "C230D3BF-7FCE-405C-B62E-B9190C995C3C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "0C3552E0-F793-4CDD-965D-457495475805", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "B2D24C54-F04F-4717-B614-FE67B3ED9DC0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "D5EC3F68-8F41-4F6B-B2E5-920322A4A321", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", matchCriteriaId: "1DE0C8DD-9C73-4876-8193-068F18074B58", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update5:*:*:*:*:*:*", matchCriteriaId: "647EBBAA-C731-4954-A62C-2B1AAFB1061C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "754856ED-0708-4505-B3CC-C3CF1818DD59", versionEndIncluding: "15.8", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "979A6A3D-64F8-4099-A00D-16F5BAC2BD79", versionEndExcluding: "15.9.55", versionStartIncluding: "15.9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "26472C42-CDB4-4176-B10B-3BF26F5030E3", versionEndIncluding: "16.10", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "DFF8A760-E6E1-483D-A955-102A8D82B62C", versionEndExcluding: "16.11.27", versionStartIncluding: "16.11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1F98BC-0D82-4AEB-9E1E-D67325E99385", versionEndExcluding: "17.0.22", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "B6B0B496-BC41-4F9D-9A28-AE7664B5C77D", versionEndExcluding: "17.2.16", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "BC861E65-1682-4E99-8A7B-F4A31DDC0198", versionEndExcluding: "17.4.8", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "51DB90D6-C1C4-43B9-8B37-696CB361F37F", versionEndExcluding: "17.6.3", versionStartIncluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, ], id: "CVE-2023-24897", lastModified: "2024-11-21T07:48:43.800", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-14T15:15:09.503", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-02-05 20:03
Severity ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | 8.0.0 | |
| microsoft | .net | 9.0.0 | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB25C50-5246-435F-B5C6-C4643ADBEC47", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5DFE5320-88E8-42C2-BC1C-E402FE71ECBB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "754856ED-0708-4505-B3CC-C3CF1818DD59", versionEndIncluding: "15.8", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "26472C42-CDB4-4176-B10B-3BF26F5030E3", versionEndIncluding: "16.10", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "4C373831-8981-462F-8A57-9C71D1839052", versionEndExcluding: "17.6.22", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "9CA6DD18-569B-449D-82FF-4BE3A57E7150", versionEndExcluding: "17.8.17", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "EDA7CDF2-DB37-4C34-9D5F-E09B34B83B1A", versionEndExcluding: "17.10.10", versionStartIncluding: "17.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "4CDB41EA-38E1-4325-8DE7-27E187C1695B", versionEndExcluding: "17.12.4", versionStartIncluding: "17.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: ".NET and Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en .NET y Visual Studio", }, ], id: "CVE-2025-21172", lastModified: "2025-02-05T20:03:33.053", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2025-01-14T18:15:30.300", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 21:15
Modified
2024-11-21 07:46
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "832BAB52-5118-4E00-955D-BF3716B288D0", versionEndExcluding: "15.9.52", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "821BE24D-9EEE-42FE-B4E7-5C682F6B34C4", versionEndExcluding: "16.11.24", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "5AA616AA-25E5-4943-A614-99FF6DFF260E", versionEndExcluding: "17.0.19", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "191993E5-B343-45A6-B485-F45F5D8E924D", versionEndExcluding: "17.2.13", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F16E4665-E579-4211-92C0-D8058F73A359", versionEndExcluding: "17.4.5", versionStartIncluding: "17.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Visual Studio", }, ], id: "CVE-2023-23381", lastModified: "2024-11-21T07:46:04.430", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2023-02-14T21:15:12.920", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2024-11-21 04:54
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2015 | - | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2015:-:update3:*:*:*:*:*:*", matchCriteriaId: "E8F4DFE9-4F4C-4658-AEFE-6C82367A1D62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "D0B3CF5E-F740-4A66-8173-10FEE4DCD08D", versionEndIncluding: "15.9", versionStartIncluding: "15.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "0FEF0A4F-CB6E-4004-8DCE-723877109D7A", versionEndIncluding: "16.4", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector o el Visual Studio Standard Collector permiten la creación de archivos en ubicaciones arbitrarias. Para explotar la vulnerabilidad, un atacante primero tendría que iniciar sesión en el sistema. Un atacante podría ejecutar una aplicación especialmente diseñada que podría explotar la vulnerabilidad y tomar el control de un sistema afectado. La actualización aborda la vulnerabilidad al no permitir que el Diagnostics Hub Standard Collector o el Visual Studio Standard Collector cree de archivos en ubicaciones arbitrarias, también se conoce como \"Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2020-0810", lastModified: "2024-11-21T04:54:15.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T16:15:16.500", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-24 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | Third Party Advisory | |
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| secure@microsoft.com | https://security.gentoo.org/glsa/202003-30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-30 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| opensuse | leap | 15.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "10449533-62C1-48C0-83DA-DE23AB348D78", versionEndExcluding: "15.9.18", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "82C0D6F5-7300-418C-8024-24741B226036", versionEndExcluding: "16.4.1", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de manipulación cuando Git para Visual Studio maneja inapropiadamente las rutas de unidades virtuales, también se conoce como \"Git for Visual Studio Vulnerability\".", }, ], id: "CVE-2019-1351", lastModified: "2024-11-21T04:36:32.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T21:15:12.863", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", }, { source: "secure@microsoft.com", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "secure@microsoft.com", url: "https://security.gentoo.org/glsa/202003-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-30", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-706", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-12 17:15
Modified
2024-11-21 08:10
Severity ?
Summary
Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net | 6.0.0 | |
| microsoft | .net | 7.0.0 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB4AE761-6FAC-4000-A63D-42CE3FAB8412", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "D4793BFB-2E4E-4067-87A5-4B8749025CA3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", matchCriteriaId: "61019899-D7AF-46E4-A72C-D189180F66AB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", matchCriteriaId: "1DE0C8DD-9C73-4876-8193-068F18074B58", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "482C808D-C0EB-479D-B8A2-D7B04DB4854F", versionEndExcluding: "15.9.57", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "40434953-906B-453E-9F4C-46BF0F693E06", versionEndExcluding: "16.11.30", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E7698BEE-8540-4F0C-A500-1393055B88F4", versionEndExcluding: "17.2.19", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8174DBE5-A4BB-4FA6-B921-B2E82B08DAC9", versionEndExcluding: "17.4.11", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "E8241557-9AD7-42D9-AF07-4C7C1A19AB53", versionEndExcluding: "17.7.4", versionStartIncluding: "17.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Ejecución Remota de Código de Visual Studio", }, ], id: "CVE-2023-36794", lastModified: "2024-11-21T08:10:36.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-09-12T17:15:14.947", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>
<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2012 | |
| microsoft | visual_studio | 2013 | |
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", matchCriteriaId: "28CC44DA-DF23-400D-9299-7DF3EECD89E9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", matchCriteriaId: "4A820094-4660-4CFA-BAF1-ED4DBF45AD46", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*", matchCriteriaId: "718C39FC-A564-4CE4-B88F-C9D7108764DF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "754856ED-0708-4505-B3CC-C3CF1818DD59", versionEndIncluding: "15.8", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "7FE5FF31-110B-4518-A0B9-E94E2840B492", versionEndIncluding: "16.3", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "64BFBAC2-C362-457F-90A8-9E56C25694E6", versionEndIncluding: "16.6", versionStartIncluding: "16.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>\n<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Visual Studio cuando maneja inapropiadamente objetos en la memoria, también se conoce como \"Visual Studio Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-16856", }, ], id: "CVE-2020-16874", lastModified: "2024-11-21T05:07:18.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:17.480", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:09
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*", matchCriteriaId: "718C39FC-A564-4CE4-B88F-C9D7108764DF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB", versionEndIncluding: "16.6", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando Diagnostics Hub Standard Collector o Visual Studio Standard Collector presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1202", }, ], id: "CVE-2020-1203", lastModified: "2024-11-21T05:09:58.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-09T20:15:13.740", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-24 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| secure@microsoft.com | https://access.redhat.com/errata/RHSA-2020:0228 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| secure@microsoft.com | https://security.gentoo.org/glsa/202003-30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0228 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-30 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "10449533-62C1-48C0-83DA-DE23AB348D78", versionEndExcluding: "15.9.18", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "82C0D6F5-7300-418C-8024-24741B226036", versionEndExcluding: "16.4.1", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota cuando Git para Visual Studio sanea inapropiadamente la entrada, también se conoce como \"Git for Visual Studio Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", }, ], id: "CVE-2019-1349", lastModified: "2024-11-21T04:36:32.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T21:15:12.707", references: [ { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "secure@microsoft.com", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", }, { source: "secure@microsoft.com", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "secure@microsoft.com", url: "https://security.gentoo.org/glsa/202003-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-30", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Visual Studio Tampering Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | 16.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB", versionEndIncluding: "16.6", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.8:*:*:*:*:*:*:*", matchCriteriaId: "BBE9B863-01E5-486C-8B9D-6DC0F78222A7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual Studio Tampering Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Manipulación de Visual Studio", }, ], id: "CVE-2020-17100", lastModified: "2024-11-21T05:07:49.257", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:19.293", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-10 01:19
Modified
2024-11-21 06:27
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1306/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1306/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 21h1 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_11 | - | |
| microsoft | windows_11 | - | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "C9984FFB-8AFA-438F-B762-B98649B64B23", versionEndIncluding: "16.11", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", matchCriteriaId: "9E2C378B-1507-4C81-82F6-9F599616845A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", matchCriteriaId: "FAE4278F-71A7-43E9-8F79-1CBFAE71D730", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", matchCriteriaId: "B9F64296-66BF-4F1D-A11C-0C44C347E2AC", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", matchCriteriaId: "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Elevación de Privilegios en Diagnostics Hub Standard Collector", }, ], id: "CVE-2021-42277", lastModified: "2024-11-21T06:27:30.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-11-10T01:19:44.063", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:10
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB", versionEndIncluding: "16.6", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, también se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1257, CVE-2020-1278", }, ], id: "CVE-2020-1293", lastModified: "2024-11-21T05:10:10.917", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-09T20:15:19.303", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 03:29
Modified
2024-11-21 04:17
Severity ?
Summary
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | 15.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota cuando el instalador Redistribuible de Visual Studio C++ comprueba inapropiadamente la entrada anterior a cargar archivos de biblioteca de vínculos dinámicos (DLL), también se conoce como “Visual Studio Remote Code Execution Vulnerability”.", }, ], id: "CVE-2019-0809", lastModified: "2024-11-21T04:17:19.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-09T03:29:00.907", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-426", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | 15.0 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", matchCriteriaId: "62FE95C2-066B-491D-82BF-3EF173822B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.0:*:*:*:*:*:*:*", matchCriteriaId: "08A58739-CD5F-45F6-BDA3-14069413B66D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Hay una vulnerabilidad de elevación de privilegios cuando Diagnostics Hub Standard Collector o Visual Studio Standard Collector permite la eliminación de archivos en ubicaciones arbitrarias. Para aprovechar la vulnerabilidad, un atacante primero tendría que iniciar sesión en el sistema, conocido como 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.", }, ], id: "CVE-2019-0727", lastModified: "2024-11-21T04:17:10.887", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T19:29:00.537", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-11 21:15
Modified
2024-11-21 06:45
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10_1507 | * | |
| microsoft | windows_10_1507 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_1909 | * | |
| microsoft | windows_10_20h2 | * | |
| microsoft | windows_10_21h1 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_server | 2022 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "34732619-6387-49DD-ABF9-15CA8696D509", versionEndExcluding: "15.9.44", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "839813AB-6F4A-40E8-8914-652551499AC2", versionEndExcluding: "16.7.25", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "24C149B5-F832-4108-8E81-069514FBAD0B", versionEndExcluding: "16.9.17", versionStartIncluding: "16.8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", matchCriteriaId: "BCF9D462-E6B6-45D3-8E9F-788F2E646817", versionEndExcluding: "10.0.10240.19177", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", matchCriteriaId: "9B6CEFAB-4D29-4427-8294-203A4A98F1AE", versionEndExcluding: "10.0.10240.19177", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", matchCriteriaId: "010F22B5-38B1-4176-B7E8-BB8875B9787C", versionEndExcluding: "10.0.14393.4886", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", matchCriteriaId: "4D852EB5-2456-429B-B1D8-DD57710DFE49", versionEndExcluding: "10.0.14393.4886", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", matchCriteriaId: "86E8ADB6-8720-454D-AAFE-C5B4C65EB462", versionEndExcluding: "10.0.17763.2452", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*", matchCriteriaId: "2358BDB5-DB2B-4A60-A9F2-06F2CB0628EB", versionEndExcluding: "10.0.18363.2037", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*", matchCriteriaId: "EE8DAF46-1702-46D1-AAF3-CEFA567953D1", versionEndExcluding: "10.0.19042.1466", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4CB80E-5C0A-430C-9F56-9295EBBFD9C4", versionEndExcluding: "10.0.19043.1466", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", matchCriteriaId: "38105E41-F04D-444B-A9F7-51E94726E1E2", versionEndExcluding: "10.0.19044.1466", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", matchCriteriaId: "7048A3C3-6FB5-46FA-A709-4A51362E84B2", versionEndExcluding: "10.0.22000.434", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", matchCriteriaId: "BE257836-4F4D-4352-8293-B9CAD34F8794", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Elevación de Privilegios en Microsoft Diagnostics Hub Standard Collector Runtime", }, ], id: "CVE-2022-21871", lastModified: "2024-11-21T06:45:36.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-11T21:15:10.913", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21871", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21871", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-05 23:29
Modified
2024-11-21 04:17
Severity ?
Summary
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106890 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://access.redhat.com/errata/RHSA-2019:0349 | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106890 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0349 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_core | 1.0 | |
| microsoft | .net_core | 2.1 | |
| microsoft | .net_core | 2.2 | |
| microsoft | powershell_core | 6.0 | |
| microsoft | powershell_core | 6.1 | |
| microsoft | visual_studio_2017 | - | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1709 | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_server_2016 | 1709 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1703 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9EDF760A-C775-457E-8091-586E56545B07", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", matchCriteriaId: "A5AB75F9-B0FC-46B5-A863-0458696773DB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2D6A900C-6173-466A-B54D-683A12F53138", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", matchCriteriaId: "B9A97F21-61EB-4775-9993-4F5500545198", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", matchCriteriaId: "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", matchCriteriaId: "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp1:*:*:*:*:x64:*", matchCriteriaId: "8A89D644-5676-47E1-826D-CE343B4A5B14", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp1:*:*:*:*:x64:*", matchCriteriaId: "8A89D644-5676-47E1-826D-CE343B4A5B14", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", matchCriteriaId: "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad en determinadas API de .Net Framework y en Visual Studio en la manera en la que analizan sintácticamente las URL. Esto también se conoce como \".NET Framework and Visual Studio Spoofing Vulnerability\".", }, ], id: "CVE-2019-0657", lastModified: "2024-11-21T04:17:03.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-05T23:29:02.037", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106890", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0349", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106890", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-15 19:15
Modified
2024-11-21 04:35
Severity ?
Summary
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.1:*:*:*:*:*:*:*", matchCriteriaId: "2E7095AD-D5B8-4E98-8F8E-60B193CEFB5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando el servicio de actualización de Visual Studio maneja inapropiadamente los permisos de archivo, también se conoce como \"Visual Studio Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2019-1077", lastModified: "2024-11-21T04:35:58.187", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.6, confidentialityImpact: "NONE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:N/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.3, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-15T19:15:17.530", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-24 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| secure@microsoft.com | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| secure@microsoft.com | https://access.redhat.com/errata/RHSA-2020:0228 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| secure@microsoft.com | https://security.gentoo.org/glsa/202003-30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0228 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-30 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "10449533-62C1-48C0-83DA-DE23AB348D78", versionEndExcluding: "15.9.18", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "82C0D6F5-7300-418C-8024-24741B226036", versionEndExcluding: "16.4.1", versionStartIncluding: "16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota cuando Git para Visual Studio sanea inapropiadamente la entrada, también se conoce como \"Git for Visual Studio Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", }, ], id: "CVE-2019-1352", lastModified: "2024-11-21T04:36:32.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T21:15:12.927", references: [ { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "secure@microsoft.com", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", }, { source: "secure@microsoft.com", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "secure@microsoft.com", url: "https://security.gentoo.org/glsa/202003-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-30", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:09
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio | 2015 | |
| microsoft | visual_studio_2017 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*", matchCriteriaId: "718C39FC-A564-4CE4-B88F-C9D7108764DF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", versionEndIncluding: "15.9", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB", versionEndIncluding: "16.6", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando Diagnostics Hub Standard Collector o Visual Studio Standard Collector presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1203", }, ], id: "CVE-2020-1202", lastModified: "2024-11-21T05:09:58.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-09T20:15:13.663", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | 5.0 | |
| microsoft | .net | 5.0 | |
| microsoft | .net | 5.0 | |
| microsoft | .net_core | * | |
| microsoft | .net_core | * | |
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1607 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_server_2016 | * | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1709 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1709 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1803 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 1909 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1903 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_7 | - | |
| microsoft | windows_7 | - | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_8.1 | - | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_8.1 | - | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_7 | - | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | .net_core | 2.1 | |
| microsoft | .net_core | 3.1 | |
| microsoft | visual_studio_2017 | 15.9 | |
| microsoft | visual_studio_2019 | 16.0 | |
| microsoft | visual_studio_2019 | 16.4 | |
| microsoft | visual_studio_2019 | 16.5 | |
| microsoft | powershell | 7.0 | |
| microsoft | powershell_core | 6.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:5.0:preview1:*:*:*:*:*:*", matchCriteriaId: "42AABAD2-3874-42E6-8A63-ACBC1166435B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:5.0:preview2:*:*:*:*:*:*", matchCriteriaId: "DB01FAD2-D94C-4B6A-BCCF-0BBC48AC5268", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:5.0:preview3:*:*:*:*:*:*", matchCriteriaId: "A2EDFA11-C65B-4612-AF84-C8F3208EB8D3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "87A550D8-3DCD-489C-B045-0E2FF272D1BE", versionEndIncluding: "2.1.18", versionStartIncluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "F2BD7843-227A-4DDB-B85E-F0AFD2CDC715", versionEndIncluding: "3.1.4", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", matchCriteriaId: "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", matchCriteriaId: "AB425562-C0A0-452E-AABE-F70522F15E1A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", matchCriteriaId: "C936FD4F-959C-43B8-9917-E2A0DF4A8793", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", matchCriteriaId: "DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", matchCriteriaId: "897A48D7-FCA1-4560-AFBB-718AF19BA3A2", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", matchCriteriaId: "507EB48C-F479-424C-8ABA-C279AB4FE3F4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", matchCriteriaId: "AF6437F9-6631-49D3-A6C2-62329E278E31", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", matchCriteriaId: "084984D5-D241-497B-B118-50C6C1EAD468", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", matchCriteriaId: "BA592626-F17C-4F46-823B-0947D102BBD2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", matchCriteriaId: "1B3308A0-1699-4A4A-8D6B-AB4E4C825C95", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*", matchCriteriaId: "C96ED0E4-E43A-433C-AD98-FD6AEEB70BA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", matchCriteriaId: "8C72C155-6880-434B-B217-EAA3BA2D0BB8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", matchCriteriaId: "1981BA0D-0920-40C0-8A6A-5D5A1B221560", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", matchCriteriaId: "5DBF4B5B-8782-494D-86FC-B83DCEB735A3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", matchCriteriaId: "61F0792D-7587-4297-8EE7-D4DC3A30EE84", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", matchCriteriaId: "7649042B-4430-4BD9-B82F-984A2831A651", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", matchCriteriaId: "2487AF09-F003-482A-BD42-31F6AEAA033F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", matchCriteriaId: "A07F4D5D-EA91-4B77-9B74-D4741FFA8D85", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", matchCriteriaId: "16F864AE-C519-4D23-9D24-B65E53C5CD28", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", matchCriteriaId: "31622391-A67E-4E2A-A855-1316B6E38630", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", matchCriteriaId: "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", matchCriteriaId: "06BBFA69-94E2-4BAB-AFD3-BC434B11D106", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", matchCriteriaId: "C936FD4F-959C-43B8-9917-E2A0DF4A8793", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", matchCriteriaId: "DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", matchCriteriaId: "AB425562-C0A0-452E-AABE-F70522F15E1A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", matchCriteriaId: "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", matchCriteriaId: "39EAF874-1941-4FB8-A70A-BD53F89801E4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", matchCriteriaId: "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", matchCriteriaId: "06BBFA69-94E2-4BAB-AFD3-BC434B11D106", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*", matchCriteriaId: "7B53B587-D639-45C0-AC33-90669934666A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", matchCriteriaId: "6290EF90-AB91-4990-8D44-4F64F49AE133", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3886D126-9ADC-4AAF-8169-70F3DE3A7773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", matchCriteriaId: "E904F8BF-C415-43BC-89BD-8AD912BEA82A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:*", matchCriteriaId: "13720B27-DA06-445C-A1CF-F89A98F98C20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:*", matchCriteriaId: "E32B1BC1-F95D-4DC4-B73A-7D958ADE3D38", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", matchCriteriaId: "A3830438-FB77-4031-B229-F6A37DDCBE98", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad denegación de servicio cuando .NET Core o .NET Framework manejan inapropiadamente las peticiones web, también se conoce como \".NET Core & .NET Framework Denial of Service Vulnerability\"", }, ], id: "CVE-2020-1108", lastModified: "2024-11-21T05:09:45.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:14.867", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-04-16 19:44
Severity ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | 8.0.0 | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| microsoft | visual_studio_2017 | * | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10_1507 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_11_23h2 | - | |
| microsoft | windows_11_24h2 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | windows_server_2022_23h2 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net | 9.0.0 | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:8.0.0:-:*:*:*:*:*:*", matchCriteriaId: "2BD92442-4815-4085-B66F-9A610097A41B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", matchCriteriaId: "2B35392C-DFB3-4AEE-AB3C-09CE3D2B7A7D", versionEndExcluding: "15.9.69", versionStartIncluding: "15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", matchCriteriaId: "542DAEEC-73CC-46C6-A630-BF474A3446AC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "D4793BFB-2E4E-4067-87A5-4B8749025CA3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*", matchCriteriaId: "42D329B2-432D-4029-87EB-4C3C5F55CD95", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:*:*", matchCriteriaId: "A529CED5-0DF0-4203-85C0-894CAF37E159", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", matchCriteriaId: "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*", matchCriteriaId: "2F513002-D8C1-4D3A-9F79-4B52498F67E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*", matchCriteriaId: "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5DFE5320-88E8-42C2-BC1C-E402FE71ECBB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en .NET, .NET Framework y Visual Studio", }, ], id: "CVE-2025-21176", lastModified: "2025-04-16T19:44:45.977", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2025-01-14T18:15:30.650", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-126", }, ], source: "secure@microsoft.com", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }